Skip to main content


Microsoft Releases Security Advisory 2914486

Wednesday, November 27, 2013

Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) found this issue being used on systems compromised by a third-party remote code execution vulnerability.

ActiveX Control issue being addressed in Update Tuesday

Monday, November 11, 2013

Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The security update will be distributed to customers tomorrow via Windows Update at approximately 10:00 AM PDT.

The October 2013 security updates

Monday, October 07, 2013

This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083. Our Bulletin Deployment Priority graph provides an overview of this month’s priority releases (click for larger view).

Advance Notification Service for October 2013 Security Bulletin Release

Wednesday, October 02, 2013

Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update which will address the publicly disclosed issue described in Security Advisory 2887505.

July 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Friday, July 12, 2013

Today we’re publishing the July 2013 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 10 questions covering all updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled webcast on Wednesday, August 14th at 11 a.m. PT (UTC -8), when we will go into detail about the August 2013 bulletin release and answer questions live on the air.

June 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Friday, June 14, 2013

Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page. We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler (MS13-050), Microsoft Office (MS13-051), and the security advisory addressing digital certificates (SA2854544). There was one question we were unable to field on the air which we answered on the Q&A page.

Microsoft Releases Security Advisory 2847140

Friday, May 03, 2013

Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.