Category Archives: Microsoft

Windows updates, alerts and articles

Microsoft Security Bulletin for December 2014

From Microsoft’s MSRC Team

Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange.

We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here.

We re-released two Security Bulletins:

MS14-065 Cumulative Security Update for Internet Explorer
MS14-066 Vulnerability in Schannel Could Allow Remote Code Execution

One Security Advisory was revised:

Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801).

For the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

Tracey Pretorius, Director
Response Communications

krebsonsecurity
Microsoft, Adobe Push Critical Security Fixes

Microsoft Security Bulletin for November 2014

Microsoft Security Response Center:

Today, we provide advance notification for the release of 16 Security Bulletins. Five of these updates are rated Critical, nine are rated as Important, and two are rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, Exchange, .NET Framework, Internet Information Services (IIS), Remote Desktop Protocol (RDP), Active Directory Federation Services (ADFS), Input Method Editor (IME) (Japanese), and Kernel Mode Driver (KMD).

As per our monthly process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, November 11, 2014, at approximately 10 a.m. PST. At that time, we’ll provide deployment guidance. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

MSRC:
http://blogs.technet.com/b/msrc/archive/2014/11/06/advance-notification-service-for-the-november-2014-security-bulletin-release.aspx
Security TechCenter:
https://technet.microsoft.com/library/security/ms14-nov

Microsoft Security Bulletin for October 2014

Today, we provide advance notification for the release of nine Security Bulletins. Three of these updates are rated Critical, five are rated as Important, and one is rated Moderate in severity. These updates are for Microsoft Windows, Internet Explorer, Office, .NET Framework, and ASP.NET.

As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, October 14, 2014, at approximately 10 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

MSRC:
http://blogs.technet.com/b/msrc/archive/2014/10/09/advance-notification-service-for-the-october-2014-security-bulletin-release.aspx

Technet: https://technet.microsoft.com/library/security/ms14-oct

Microsoft Security Bulletin Summary for September 2014

Microsoft released four bulletins, one critical and three important.

This bulletin summary lists security bulletins released for September 2014.

With the release of the security bulletins for September 2014, this bulletin summary replaces the bulletin advance notification originally issued September 4, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on September 10, 2014, at 11:00 AM Pacific Time (US & Canada). To view the monthly webcast and for links to additional security bulletin webcasts, see Microsoft Security Bulletin Webcast.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

https://technet.microsoft.com/library/security/ms14-sep

Microsoft Security Bulletin Summary for September 2014

Microsoft released four bulletins, one critical and three important.

This bulletin summary lists security bulletins released for September 2014.

With the release of the security bulletins for September 2014, this bulletin summary replaces the bulletin advance notification originally issued September 4, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on September 10, 2014, at 11:00 AM Pacific Time (US & Canada). To view the monthly webcast and for links to additional security bulletin webcasts, see Microsoft Security Bulletin Webcast.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

https://technet.microsoft.com/library/security/ms14-sep

Microsoft Security Bulletin for August 2014

On Tuesday, August 12, 2014, Microsoft is planning to release nine bulletins.

MSRC

Two of these are rated Critical, and the remaining seven are rated Important in severity. These Updates are for SQL Server, SharePoint, OneNote, .NET, Microsoft Windows, and Internet Explorer.

As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, August 12, 2014, at approximately 10 a.m. PDT

http://blogs.technet.com/b/msrc/archive/2014/08/07/advance-notification-service-for-the-august-2014-security-bulletin-release.aspx

https://technet.microsoft.com/en-us/library/security/ms14-aug.aspx

Microsoft Security Bulletin for July 2014

MSRC

This month’s release includes six new security bulletins, addressing 29 Common Vulnerability and Exposures (CVEs) in Microsoft Windows and Internet Explorer. Two of these security bulletins are rated Critical, three are rated Important, and one rated Moderate in severity. As always, we encourage you to apply all of the updates, but for those who prioritize, we recommend the Windows Journal and Internet Explorer (IE) updates be on the top of your list.

http://blogs.technet.com/b/msrc/archive/2014/07/08/july-2014-security-bulletin-release.aspx

https://technet.microsoft.com/library/security/ms14-jul

Microsoft Security Bulletin for June 2014

Microsoft released seven bulletins. Two listed as Critical and five Important in severity, addressing 66 Common Vulnerabilities and Exposures (CVEs) for Microsoft Windows, Internet Explorer, and Microsoft Office customers.

Theoretical Thinking and the June 2014 Bulletin Release
http://blogs.technet.com/b/msrc/archive/2014/06/10/theoretical-thinking-and-the-june-2014-bulletin-release.aspx

Technet: https://technet.microsoft.com/library/security/ms14-jun

Microsoft Security Bulletin for May 2014

On the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT Microsoft will release eight bulletins, two rated Critical and six rated Important in severity.

This is an advance notification of security bulletins that Microsoft is intending to release on May 13, 2014. This notification replaces the out-of-band bulletin summary that was released on May 1, 2014, and does not include the out-of-band bulletin (MS14-021), which was released on May 1, 2014.

This bulletin advance notification will be replaced with the May bulletin summary on May 13, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

https://technet.microsoft.com/library/security/ms14-may

Security Update Released to Address Zero Day Internet Explorer Vulnerability

Microsoft has released a security update to address the Internet Explorer (IE) vulnerability first reported as Security Advisory 2963983.

Also,

We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11. You can find more information on the Microsoft Security Bulletin summary webpage.

http://blogs.technet.com/b/msrc/archive/2014/05/01/security-update-released-to-address-recent-internet-explorer-vulnerability.aspx

https://technet.microsoft.com/en-us/library/security/ms14-may.aspx