Skip to main content
MSRC

Security Bulletin

A guide to exploit mitigations and the July 2011 security bulletin release

Tuesday, July 12, 2011

Hello all – Over the years we’ve often talked about exploit mitigations – DEP, ASLR, SEHOP and so forth – as effective tools for improving computer security, reducing risk, preventing attacks, and minimizing operational disruption. Today we’re releasing a user’s guide to the toolbox: “Mitigating Software Vulnerabilities,” a white paper with practical information on choosing and enabling those mitigations.

Autorun-Related Malware Declines and the June 2011 Security Bulletin Release

Tuesday, June 14, 2011

Hello there. First off, I’d like to share some news regarding the updates we made to the Autorun feature in Security Advisory 967940, which we released in February 2011. The advisory made changes to how Autorun handles “non-shiny” media (eg., USB thumb drives). The change was expected to make a significant difference to infection rates by malware that uses Autorun to propagate, and we’ve been monitoring those rates ever since.

June Advance Notification Service and 10 Immutable Laws Revisited

Thursday, June 09, 2011

Before we get into this month’s release, we wanted to alert you to updates to a document that’s been central to much of how Microsoft thinks about security. Ten years ago, Microsoft penned the “Ten Immutable Laws of Security,” which debuted on TechNet. It was written before the rise of – among other technologies and trends – cloud computing, social networking, widespread smartphone adoption, and Windows XP, to name but a few landmarks along the way.

Q&A from May 2011 Security Bulletin Webcast

Thursday, May 12, 2011

Hello, Today we published the May Security Bulletin Webcast Questions & Answers page. We fielded twelve questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.

Exploitability Index Improvements & Advance Notification Service for May 2011 Bulletin Release

Thursday, May 05, 2011

Hello everyone, Today we are announcing changes to Microsoft’s Exploitability Index. Since October 2008, we have used the Exploitability Index to provide customers with valuable exploitability analysis for our security bulletins, and starting Tuesday this information will become even more comprehensive for those who use Microsoft’s latest platforms. The Exploitability Index assesses the likelihood of functional exploit code being developed for a particular vulnerability.

Q&A from April 2011 Security Bulletin Webcast

Thursday, April 14, 2011

Hello, Today we published the April Security Bulletin Webcast Questions & Answers page. We fielded 14 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.

Q&A from the March 2011 Security Bulletin Webcast

Friday, March 11, 2011

Hello, Today we published the March Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, April 13th at 11am PDT (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.

March 2011 Security Bulletin Release

Tuesday, March 08, 2011

Hello all – Today, as part of our monthly security bulletin release, we have three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment: MS11-015. This bulletin resolves one Critical-level and one Important-level vulnerability affecting certain media files in all versions of Microsoft Windows.

February 2011 Security Bulletin Release

Tuesday, February 08, 2011

Hello all – Today, as part of our monthly security bulletin release, we have 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). Three bulletins are rated Critical, and these are the bulletins we recommend for priority deployment: o MS11-003. This bulletin resolves three critical-level and moderate-level vulnerabilities affecting all versions of Internet Explorer.