January 2015 Updates

 microsoft windows  Comments Off on January 2015 Updates
Jan 132015
 

Today, as part of Update Tuesday, we released eight security updates – one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows.

We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here.

We re-released one Security Bulletin:

One Security Advisory was revised:

For the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

MSRC Team

December 2014 Updates

 microsoft windows  Comments Off on December 2014 Updates
Dec 092014
 

Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange.

We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here.

We re-released two Security Bulletins:

 One Security Advisory was revised:

 For the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

Tracey Pretorius, Director
Response Communications

Security Bulletin MS14-068 released

 Uncategorized  Comments Off on Security Bulletin MS14-068 released
Nov 192014
 

Today, we released an out-of-band security update to address a vulnerability in Kerberos which could allow Elevation of Privilege. This update is for all supported versions of Windows Server and includes a defense-in-depth update for all supported versions of Windows.

We strongly encourage customers to apply this update as soon as possible by following the directions in Security Bulletin MS14-068.

Tracey Pretorius, Director
Response Communications

Out-of-band release for Security Bulletin MS14-068

 Uncategorized  Comments Off on Out-of-band release for Security Bulletin MS14-068
Nov 182014
 

On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows.

We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.

More information about this bulletin can be found at Microsoft’s Advance Notification Service page.

Tracey Pretorius, Director
Response Communications

Oct 142014
 

Today, as part of Update Tuesday, we released eight security updates – three rated Critical and five rated Important – to address 24 Common Vulnerabilities & Exposures (CVEs) in Windows, Office, .NET Framework, .ASP.NET, and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize deployment planning, we recommend focusing on the Critical updates first.

Here’s an overview slide and video of the security updates released today:

 

 

 

For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary Web page. If you are not familiar with how we calculate XI, a full description is found here.

We released three security advisories this month:

We also revised Security Bulletin MS14-042: Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621) and Security Advisory 2755801: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer.

Today, Microsoft also announced upcoming updates to the out-of-date ActiveX control blocking feature. Beginning November 11, 2014, the out-of-date ActiveX control blocking feature will automatically be expanded to block outdated versions of Silverlight, in addition to outdated versions of Java. It is also being expanded to support Internet Explorer 9 on Windows Vista SP2 and Windows Server 2008 SP2. For more information on this, please visit the IEBlog.

Watch our bulletin webcast tomorrow, Wednesday, October 15, 2014, at 11 a.m. PDT.

For all the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

Thanks,
Tracey Pretorius, Director,
Response Communications

%d bloggers like this: