Skip to main content
MSRC

Rating

More information on MS12-004

Tuesday, January 10, 2012

This month we released MS12-004 to address CVE-2012-0003 and CVE-2012-0004. CVE-2012-0003 The most severe of these vulnerabilities is CVE-2012-0003 which is a Critical, Remote Code Execution vulnerability. This CVE affects all editions of Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. Windows 7 is not affected by this vulnerability.

ASP.NET security update is live!

Thursday, December 29, 2011

Today we released MS11-100, addressing a newly disclosed denial-of-service vulnerability affecting several vendors’ Web application platforms, including Microsoft’s ASP.NET. Yesterday, we posted an SRD blog describing the vulnerability and the detection and workaround opportunities. With this blog post, we’d like to update you on the following topics: Why is this bulletin rated “Critical” for a Denial-of-Service vulnerability?

Assessing the risk of the August security updates

Tuesday, August 09, 2011

Today we released 13 security bulletins. Two have a maximum severity rating of Critical, nine have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS11-057 (IE) Victim browses to a malicious webpage.

Assessing the risk of the June security updates

Tuesday, June 14, 2011

Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS11-050(IE) Victim browses to a malicious webpage.

Assessing the risk of the April security updates

Tuesday, April 12, 2011

Today we released 17 security bulletins. Nine have a maximum severity rating of Critical and eight have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS11-018(IE) Victim browses to a malicious webpage.

MS11-034: Addressing vulnerabilities in the win32k subsystem

Tuesday, April 12, 2011

Today we released security bulletin MS11-034 to address vulnerabilities in the win32k subsystem. This update addresses externally reported issues as well as several internally found vulnerabilities that were discovered as part of our variant investigation. The bulletin may appear to address an alarmingly large number of issues. However, if you dig into the issues themselves, you’ll find that the 30 vulnerabilities addressed in this update really just share three separate vulnerability root causes: insufficient validation or locking of win32k objects after a user-mode callback.

Assessing the risk of the February security updates

Tuesday, February 08, 2011

Today we released twelve security bulletins. Three have a maximum severity rating of Critical and nine have a maximum severity rating of Important. This release addresses three publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS11-003(IE) Victim browses to a malicious webpage.

Assessing the risk of the October security updates

Tuesday, October 12, 2010

Today we released sixteen security bulletins. Four have a maximum severity rating of Critical, ten have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max exploit-ability Likely first 30 days impact Platform mitigations and key notes MS10-071 (IE) Victim browses to a malicious webpage.

Note on Bulletin Severity for MS10-081 and MS10-074

Tuesday, October 12, 2010

Today we released MS10-081 (Important severity) and MS10-074 (Moderate severity), each providing an update for a single vulnerability. In this blog post we are going to cover some additional details on the severity of these vulnerabilities that may factor into how you prioritize the deployment of this month’s updates. Neither of the two vulnerabilities covered by MS10-081 and MS10-074 have attack vectors through Microsoft software.

Assessing the risk of the September security updates

Tuesday, September 14, 2010

Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. Furthermore, six of the nine bulletins either do not affect the latest version of our products or affect them with reduced severity. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.