Microsoft Security Bulletin for May 2014

On the second Tuesday of the month, May 13, 2014, at approximately 10:00 a.m. PDT Microsoft will release eight bulletins, two rated Critical and six rated Important in severity.

This is an advance notification of security bulletins that Microsoft is intending to release on May 13, 2014. This notification replaces the out-of-band bulletin summary that was released on May 1, 2014, and does not include the out-of-band bulletin (MS14-021), which was released on May 1, 2014.

This bulletin advance notification will be replaced with the May bulletin summary on May 13, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

https://technet.microsoft.com/library/security/ms14-may

Tags:

Security Update Released to Address Zero Day Internet Explorer Vulnerability

Microsoft has released a security update to address the Internet Explorer (IE) vulnerability first reported as Security Advisory 2963983.

Also,

We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11. You can find more information on the Microsoft Security Bulletin summary webpage.

http://blogs.technet.com/b/msrc/archive/2014/05/01/security-update-released-to-address-recent-internet-explorer-vulnerability.aspx

https://technet.microsoft.com/en-us/library/security/ms14-may.aspx

Tags:

Microsoft Security Bulletin for April 2014

MSRC

Today Microsoft released four bulletins to address 11 CVEs in Microsoft Windows, Internet Explorer and Microsoft Office. The update for Microsoft Word addresses the issues described in Microsoft Security Advisory 2953095.

For an overview of all the updates released this month:
http://blogs.technet.com/b/msrc/archive/2014/04/08/the-april-2014-security-updates.aspx

http://technet.microsoft.com/en-us/security/bulletin/ms14-apr

Tags:

Microsoft Security Bulletin for March 2014

Microsoft’s advance notification for the release of five bulletins for March 2014, two rated Critical and three rated Important in severity. The updates address issues in Microsoft Windows, Internet Explorer and Silverlight.

The update provided in MS14-012 fully addresses the issue first described in Security Advisory 2934088. While we have seen a limited number of attacks using this issue, they have only targeted Internet Explorer 10. Customers using other versions of Internet Explorer have not been impacted.

As always, we’ve scheduled the security bulletin release for the second Tuesday of the month, March 11, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for analysis of the risk and impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for security bulletin testing and deployment.

MSRC:
http://blogs.technet.com/b/msrc/archive/2014/03/06/advance-notification-server-for-the-march-2014-security-bulletin-release.aspx
TechNet:
http://technet.microsoft.com/en-us/security/bulletin/ms14-mar

Tags:

Microsoft Security Bulletin for February 2014

On Tuesday, February 11, 2014, at approximately 10:00 a.m. PST Microsoft is planning to release five bulletins.

Two Critical updates address vulnerabilities in Microsoft Windows and Security Software while the three Important-rated updates address issues in Windows and the .NET Framework.

MSRC: http://blogs.technet.com/b/msrc/archive/2014/02/06/advance-notification-service-for-february-2014-security-bulletin-release.aspx

TechNet: http://technet.microsoft.com/en-us/security/bulletin/ms14-feb

Tags:

Krebs: Jan 14 Security Updates for Windows, Java, Flash & Reader

Krebs On Security

Adobe, Microsoft and Oracle today each issued security updates to fix serious vulnerabilities in their products. Adobe released patches for AIR, Acrobat, Flash and Reader, while Microsoft pushed out fixes to shore up at least a half dozen security weaknesses in Windows and Office. Oracle released an update for Java that fixes at least three dozen security holes in the widely-used program.

http://krebsonsecurity.com/2014/01/security-updates-for-windows-flash-reader/

Tags: ---

Microsoft Security Bulletin for January 2014

On Tuesday, January 14, 2014, Microsoft is planning to release four bulletins.

All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described in Security Advisory 2914486. We have only seen this issue used in conjunction with a PDF exploit in targeted attacks and not on its own. This only impacts customers using Windows XP or Server 2003 as more recent Windows versions are not affected.

As always, we’ve scheduled the security bulletin release for the second Tuesday of the month, January 14, 2014, at approximately 10:00 a.m. PST.

MSRC: http://blogs.technet.com/b/msrc/archive/2014/01/09/advance-notification-service-for-the-january-2014-security-bulletin-release.aspx

TechNet: http://technet.microsoft.com/en-us/security/bulletin/ms14-jan

Tags:

Avoiding Weak Passwords

Microsoft Research
Avoiding Vulnerable Passwords—and Rules, Too
Telepathwords

Snippet:

The free online research tool, launched Dec. 5, is called Telepathwords. Users can visit the project website and test the strength of their passwords—current ones, past ones, or ones they’re considering using.

“The system doesn’t ask the user to learn anything up-front or follow any specific rules,” Schechter says. “Rather, as you type each key of your intended password, it displays the characters it thinks you’re most likely to type next. If it succeeds in predicting one or more characters of the rest of your password, the evidence that these characters are predictable will be right in front of your eyes.”

Read the complete article: http://research.microsoft.com/en-us/news/features/telepathwords-120513.aspx

Tags: -

Microsoft Security Bulletin for December 2013

Tuesday, December 10, 2013, Microsoft is planning to release 11 bulletins, five Critical and six Important.

The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666.

This release won’t include an update for the issue described in Security Advisory 2914486. We’re still working to develop a security update and we’ll release it when ready. Until then, we recommend folks review the advisory and apply the suggested workaround on their Windows XP and Windows Server 2003 systems. Customers with more recent versions of Windows are not affected by this issue.

MSRC: http://blogs.technet.com/b/msrc/archive/2013/12/05/advance-notification-service-for-december-2013-security-bulletin-release.aspx

TechNet: http://technet.microsoft.com/en-us/security/bulletin/ms13-dec

Tags:

Microsoft Kinect Sign Language Translator

Microsoft Research Connections Team
Kinect Sign Language Translator – part 1
Guobin Wu

There are more than 20 million people in China who are hard of hearing, and an estimated 360 million such people around the world, so this project has immense potential to generate positive social impact worldwide.

http://blogs.msdn.com/b/msr_er/archive/2013/10/29/kinect-sign-language-translator.aspx

Kinect Sign Language Translator – part 2
Stewart Tansley
http://blogs.msdn.com/b/msr_er/archive/2013/10/30/kinect-sign-language-translator-part-2-of-2.aspx

Tags: -