Security Advisory

Security Advisory 2755801 revised to address Adobe Flash Player issues (Nov. 6, 2012)

Tuesday, November 06, 2012

Today, in conjunction with Adobe’s update process, we have revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft Update service, to help ensure protection.

Read More

• Advisory
• Announcements
• Internet Explorer (IE)
• Security
• Security Advisory

Security Advisory 2755801 revised to address Adobe Flash Player issues

Monday, October 08, 2012

Today we revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10, in conjunction with Adobe’s update process. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft Update service, to help ensure protection.

Read More

• Advisory
• Internet Explorer (IE)
• Security
• Security Advisory

Security Advisory 2755801 addresses Adobe Flash Player issues

Friday, September 21, 2012

Today we released Security Advisory 2755801 that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft Update service, to help ensure protection.

Read More

• Advisory
• Internet Explorer (IE)
• Security Advisory
• Security Update

Microsoft Releases Security Advisory 2757760

Monday, September 17, 2012

Today we released Security Advisory 2757760 to address an issue that affects Internet Explorer 9 and earlier versions if a user views a website hosting malicious code. Internet Explorer 10 is not affected. We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue.

Read More

• Advisory
• Internet Explorer (IE)
• Security Advisory

Security Advisory 2737111 released

Tuesday, July 24, 2012

Hello – Today we published Security Advisory 2737111, which provides mitigations and workarounds that will help protect customers from a known vulnerability in one of Oracle’s Outside In libraries, which were updated earlier this month. Microsoft licenses the libraries from Oracle and uses them in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint.

Read More

• Advisory
• Security Advisory

Further insight into Security Advisory 2719615

Wednesday, June 13, 2012

During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we’ve built a Fix it workaround that blocks the potential attack vector in Internet Explorer. Fix its are a labor-saving mechanism that helps protect customers from a specific issue in advance of a comprehensive security update.

Read More

• Advisory
• Security Advisory

Certificate Trust List update and the June 2012 bulletins

Tuesday, June 12, 2012

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.

Read More

• Security Advisory
• Security Bulletin
• Security bulletin release
• Update Tuesday

Security Advisory 2718704: Collision attack details, WU update rollout

Wednesday, June 06, 2012

Today, as a part of our continuing phased mitigation strategy recently discussed, we have initiated the additional hardening of Windows Update. We’ve also provided more information about the MD5 hash-collision attacks used by the Flame malware in the SRD blog. This information should help answer questions from customers about the nature of these collision attacks.

Read More

• Security Advisory

Security Advisory 2718704: Update to Phased Mitigation Strategy

Monday, June 04, 2012

Hello, At Microsoft, our commitment is to help ensure customer trust in their computing experience. That was the impetus for Trustworthy Computing, and central to that is the priority we place on taking the necessary actions to help protect our customers. Yesterday, we issued Security Advisory 2718704 outlining the steps we took to help protect our customers from attacks using certain unauthorized digital certificates.

Read More

• Security Advisory

Microsoft releases Security Advisory 2718704

Sunday, June 03, 2012

Hello, We recently became aware of a complex piece of targeted malware known as “Flame” and immediately began examining the issue. As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk. Additionally, most antivirus products will detect and remove this malware.

Read More

• Security Advisory