Tuesday, August 10, 2010
Today we releasedfourteen security bulletins. Eight have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. Furthermore, six of the fourteen bulletins either do not affect the latest version of our products or affect them with reduced severity. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
Wednesday, July 28, 2010
** UPDATE: Version 2.0 of EMET is now available. Click here to read more about it. * What is EMET? In October 2009, we released a tool on this blog called EMET that provides users with the ability to deploy security mitigation technologies to arbitrary applications. Doing so helps to prevent vulnerabilities in those applications (especially line of business and 3rd party apps) from successfully being exploited.
Wednesday, July 21, 2010
Today on the [MSRC blog,](«http://blogs.technet.com/b/msrc/archive/2010/07/22/announcing-coordinated-vulnerability-disclosure.aspx> >) Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated Vulnerability Disclosure. I wanted to provide some context and history on how this came about. This post is about changing the way we at Microsoft talk about some familiar disclosure concepts, and is meant as an introduction to how Microsoft would like to engage with researchers.
Tuesday, July 20, 2010
We’ve just updated Microsoft Security Advisory 2286198 to let customers know that we now have an automated “Fix It” available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary running the “Fix It” can help prevent attacks attempting to exploit this vulnerability.
Tuesday, July 13, 2010
Today we released MS10-042 to address CVE-2010-1885, a Critical severity security issue in the Help and Support Center. Windows XP is affected and we have seen limited attacks, so we encourage everyone to depoy the update right away. Windows Server 2003 also contains the vulnerable code; however, we have not identified a way for an attacker to exploit it.
Thursday, June 10, 2010
Hello, We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We are not aware of any current exploitation of this issue and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack.
Tuesday, June 08, 2010
Today we released MS10-035, a security update with an Important severity update, addressing CVE-2010-0255. We’d like to talk briefly about that specific vulnerability and how we’ve addressed it. Background information This issue primarily impacts Internet Explorer running on Windows XP. Attacks against Internet Explorer running on Windows Vista and newer platforms are mitigated by Internet Explorer Protected Mode.
Thursday, April 29, 2010
Hello. Today we released Security Advisory 983438, addressing a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0 that could allow Elevation of Privilege (EoP) within the SharePoint site itself. Servers are at reduced risk from Internet Explorer 8 clients, as the Internet Explorer 8 XSS filter helps to mitigate the issue in the internet zone.
Friday, April 23, 2010
I wanted to give customers an update on the status of MS10-025. First, I want to reiterate that this issue affects only Windows 2000 Servers in a non-default configuration: Windows Media Services needs to be installed. Customers who do not have Windows Media Services installed are not affected and were not offered this update.
Wednesday, April 21, 2010
Hi, MS10-025 is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks seeking to exploit this issue and are targeting a re-release of the update for next week.
