Microsoft

Microsoft Security Bulletin for April 2014

by certifiedbug on April 8, 2014

in Microsoft

MSRC

Today Microsoft released four bulletins to address 11 CVEs in Microsoft Windows, Internet Explorer and Microsoft Office. The update for Microsoft Word addresses the issues described in Microsoft Security Advisory 2953095.

For an overview of all the updates released this month:
http://blogs.technet.com/b/msrc/archive/2014/04/08/the-april-2014-security-updates.aspx

http://technet.microsoft.com/en-us/security/bulletin/ms14-apr

{ 0 comments }

Microsoft Security Bulletin for March 2014

by certifiedbug on March 7, 2014

in Microsoft

Microsoft’s advance notification for the release of five bulletins for March 2014, two rated Critical and three rated Important in severity. The updates address issues in Microsoft Windows, Internet Explorer and Silverlight.

The update provided in MS14-012 fully addresses the issue first described in Security Advisory 2934088. While we have seen a limited number of attacks using this issue, they have only targeted Internet Explorer 10. Customers using other versions of Internet Explorer have not been impacted.

As always, we’ve scheduled the security bulletin release for the second Tuesday of the month, March 11, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for analysis of the risk and impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for security bulletin testing and deployment.

MSRC:
http://blogs.technet.com/b/msrc/archive/2014/03/06/advance-notification-server-for-the-march-2014-security-bulletin-release.aspx
TechNet:
http://technet.microsoft.com/en-us/security/bulletin/ms14-mar

{ 0 comments }

Microsoft Security Bulletin for February 2014

by certifiedbug on February 7, 2014

in Microsoft

On Tuesday, February 11, 2014, at approximately 10:00 a.m. PST Microsoft is planning to release five bulletins.

Two Critical updates address vulnerabilities in Microsoft Windows and Security Software while the three Important-rated updates address issues in Windows and the .NET Framework.

MSRC: http://blogs.technet.com/b/msrc/archive/2014/02/06/advance-notification-service-for-february-2014-security-bulletin-release.aspx

TechNet: http://technet.microsoft.com/en-us/security/bulletin/ms14-feb

{ 0 comments }

Microsoft Security Bulletin for January 2014

by certifiedbug on January 13, 2014

in Microsoft

On Tuesday, January 14, 2014, Microsoft is planning to release four bulletins.

All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described in Security Advisory 2914486. We have only seen this issue used in conjunction with a PDF exploit in targeted attacks and not on its own. This only impacts customers using Windows XP or Server 2003 as more recent Windows versions are not affected.

As always, we’ve scheduled the security bulletin release for the second Tuesday of the month, January 14, 2014, at approximately 10:00 a.m. PST.

MSRC: http://blogs.technet.com/b/msrc/archive/2014/01/09/advance-notification-service-for-the-january-2014-security-bulletin-release.aspx

TechNet: http://technet.microsoft.com/en-us/security/bulletin/ms14-jan

{ 0 comments }

Avoiding Weak Passwords

December 6, 2013

Microsoft Research Avoiding Vulnerable Passwords—and Rules, Too Telepathwords Snippet: The free online research tool, launched Dec. 5, is called Telepathwords. Users can visit the project website and test the strength of their passwords—current ones, past ones, or ones they’re considering using. “The system doesn’t ask the user to learn anything up-front or follow any specific […]

Read the full article →

Microsoft Security Bulletin for December 2013

December 6, 2013

Tuesday, December 10, 2013, Microsoft is planning to release 11 bulletins, five Critical and six Important. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666. This release won’t include an update for the issue described […]

Read the full article →

Microsoft Security Bulletin for November 2013

November 7, 2013

Security TechCenter This is an advance notification of security bulletins that Microsoft is intending to release on November 12, 2013. This bulletin advance notification will be replaced with the November bulletin summary on November 12, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. http://technet.microsoft.com/en-us/security/bulletin/ms13-nov November Bulletins: Three […]

Read the full article →

Internet Explorer 11 Available for Windows 7

November 7, 2013

IEBlog Internet Explorer 11 (IE11) is available worldwide in 95 languages for download today. We will begin automatically updating Windows 7 customers to IE11 in the weeks ahead, starting today with customers running the IE11 Developer and Release Previews. With this final release, IE11 brings the same leading standards support–with improved performance, security, privacy, and […]

Read the full article →

Microsoft Releases Security Advisory 2896666

November 5, 2013

Security Advisory 2896666 Microsoft: We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue. The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. […]

Read the full article →

Microsoft Security Advisory 2896666

November 5, 2013

Security TechCenter Microsoft Security Advisory (2896666) Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution Published: Tuesday, November 05, 2013 Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability […]

Read the full article →