MSRC

Risk Assessment

MS12-054: Not all remote, pre-auth vulnerabilities are equally appetizing for worms..

Tuesday, August 14, 2012

We released security update MS12-054 to address four privately reported issues in Windows networking components failing to properly handle malformed Remote Administration Protocol (RAP) responses. The most severe of these issues, CVE-2012-1851, is a format string vulnerability in the printer spooler service while handling a response message and is a wormable-class vulnerability on Windows XP and Windows Server 2003.

Assessing risk for the July 2012 security updates

Tuesday, July 10, 2012

Today we released nine security bulletins addressing 16 CVEs. Three of the bulletins have a maximum severity rating of Critical and the other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Table columns: Bulletin; Most likely attack vector; Max Bulletin Severity; Max Exploit-ability; Likely first 30 days impact; Platform mitigations and key notes.

MS12-043 (MSXML): Victim browses to a malicious webpage.

Assessing risk for the June 2012 security updates

Tuesday, June 12, 2012

Today we released seven security bulletins. Three have a maximum severity rating of Critical and the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Table columns: Bulletin; Most likely attack vector; Max Bulletin Severity; Max Exploit-ability Index; Likely first 30 days impact; Platform mitigations and key notes.

MS12-037 (Internet Explorer): Victim browses to a malicious webpage.

Assessing risk for the April 2012 security updates

Tuesday, April 10, 2012

Today we released 6 security bulletins. Four have a maximum severity rating of Critical with the other two addressing Important class vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Table columns: Bulletin; Most likely attack vector; Max Bulletin Severity; Max Exploit-ability Rating; Likely first 30 days impact; Platform mitigations and key notes.

MS12-027 (Windows Common Controls): Attackers have leveraged this vulnerability in limited, targeted attacks by emailing a malicious RTF file to victims.

Assessing risk for the February 2012 security updates

Tuesday, February 14, 2012

Today we released nine security bulletins. Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Table columns: Bulletin; Most likely attack vector; Max Bulletin Severity; Max Exploit-ability; Likely first 30 days impact; Platform mitigations and key notes.

MS12-010 (Internet Explorer): Victim browses to a malicious website.

Assessing risk for the January 2012 security updates

Tuesday, January 10, 2012

Today we released seven security bulletins. One has a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Table columns: Bulletin; Most likely attack vector; Max Bulletin Severity; Max Exploit-ability rating; Likely first 30 days impact; Platform mitigations and key notes.

MS12-004 (Windows Media): Victim browses to a malicious website or opens a malicious media file.

Assessing the risk of the December 2011 security updates

Tuesday, December 13, 2011

Today we released thirteen security bulletins. Three have a maximum severity rating of Critical with the other ten having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Table columns: Bulletin; Most likely attack vector; Max Bulletin Severity; Max Exploit-Ability Index; Likely first 30 days impact; Platform mitigations and key notes.

MS11-087 (TTF Font parsing): Victim opens a malicious Office document or browses to a malicious website.

Assessing the risk of the October 2011 security updates

Tuesday, October 11, 2011

Today we released eight security bulletins. Two have a maximum severity rating of Critical with the other six having a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Table columns: Bulletin; Most likely attack vector; Max Bulletin Severity; Max Exploit-ability; Likely first 30 days impact; Platform mitigations and key notes.

MS11-081 (Internet Explorer): Victim browses to a malicious website.

Is SSL broken? – More about Security Bulletin MS12-006 (previously known as Security Advisory 2588513)

Monday, September 26, 2011

On January 10th, Microsoft released MS12-006 in response to a new vulnerability discovered in September in SSL 3.0 and TLS 1.0. Here we would like to give further information about the technique used to exploit this vulnerability and workaround options Microsoft has released if you discover a compatibility issue after installing the update.