Microsoft Security Bulletin for April 2014

MSRC

Today Microsoft released four bulletins to address 11 CVEs in Microsoft Windows, Internet Explorer and Microsoft Office. The update for Microsoft Word addresses the issues described in Microsoft Security Advisory 2953095.

For an overview of all the updates released this month:
http://blogs.technet.com/b/msrc/archive/2014/04/08/the-april-2014-security-updates.aspx

http://technet.microsoft.com/en-us/security/bulletin/ms14-apr

Tags:

Microsoft Security Bulletin for March 2014

Microsoft’s advance notification for the release of five bulletins for March 2014, two rated Critical and three rated Important in severity. The updates address issues in Microsoft Windows, Internet Explorer and Silverlight.

The update provided in MS14-012 fully addresses the issue first described in Security Advisory 2934088. While we have seen a limited number of attacks using this issue, they have only targeted Internet Explorer 10. Customers using other versions of Internet Explorer have not been impacted.

As always, we’ve scheduled the security bulletin release for the second Tuesday of the month, March 11, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for analysis of the risk and impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information to help you prepare for security bulletin testing and deployment.

MSRC:
http://blogs.technet.com/b/msrc/archive/2014/03/06/advance-notification-server-for-the-march-2014-security-bulletin-release.aspx
TechNet:
http://technet.microsoft.com/en-us/security/bulletin/ms14-mar

Tags:

Microsoft Security Bulletin for February 2014

On Tuesday, February 11, 2014, at approximately 10:00 a.m. PST Microsoft is planning to release five bulletins.

Two Critical updates address vulnerabilities in Microsoft Windows and Security Software while the three Important-rated updates address issues in Windows and the .NET Framework.

MSRC: http://blogs.technet.com/b/msrc/archive/2014/02/06/advance-notification-service-for-february-2014-security-bulletin-release.aspx

TechNet: http://technet.microsoft.com/en-us/security/bulletin/ms14-feb

Tags:

Krebs: Jan 14 Security Updates for Windows, Java, Flash & Reader

Krebs On Security

Adobe, Microsoft and Oracle today each issued security updates to fix serious vulnerabilities in their products. Adobe released patches for AIR, Acrobat, Flash and Reader, while Microsoft pushed out fixes to shore up at least a half dozen security weaknesses in Windows and Office. Oracle released an update for Java that fixes at least three dozen security holes in the widely-used program.

http://krebsonsecurity.com/2014/01/security-updates-for-windows-flash-reader/

Tags: ---

Microsoft Security Bulletin for January 2014

On Tuesday, January 14, 2014, Microsoft is planning to release four bulletins.

All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described in Security Advisory 2914486. We have only seen this issue used in conjunction with a PDF exploit in targeted attacks and not on its own. This only impacts customers using Windows XP or Server 2003 as more recent Windows versions are not affected.

As always, we’ve scheduled the security bulletin release for the second Tuesday of the month, January 14, 2014, at approximately 10:00 a.m. PST.

MSRC: http://blogs.technet.com/b/msrc/archive/2014/01/09/advance-notification-service-for-the-january-2014-security-bulletin-release.aspx

TechNet: http://technet.microsoft.com/en-us/security/bulletin/ms14-jan

Tags:

Avoiding Weak Passwords

Microsoft Research
Avoiding Vulnerable Passwords—and Rules, Too
Telepathwords

Snippet:

The free online research tool, launched Dec. 5, is called Telepathwords. Users can visit the project website and test the strength of their passwords—current ones, past ones, or ones they’re considering using.

“The system doesn’t ask the user to learn anything up-front or follow any specific rules,” Schechter says. “Rather, as you type each key of your intended password, it displays the characters it thinks you’re most likely to type next. If it succeeds in predicting one or more characters of the rest of your password, the evidence that these characters are predictable will be right in front of your eyes.”

Read the complete article: http://research.microsoft.com/en-us/news/features/telepathwords-120513.aspx

Tags: -

Microsoft Security Bulletin for December 2013

Tuesday, December 10, 2013, Microsoft is planning to release 11 bulletins, five Critical and six Important.

The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666.

This release won’t include an update for the issue described in Security Advisory 2914486. We’re still working to develop a security update and we’ll release it when ready. Until then, we recommend folks review the advisory and apply the suggested workaround on their Windows XP and Windows Server 2003 systems. Customers with more recent versions of Windows are not affected by this issue.

MSRC: http://blogs.technet.com/b/msrc/archive/2013/12/05/advance-notification-service-for-december-2013-security-bulletin-release.aspx

TechNet: http://technet.microsoft.com/en-us/security/bulletin/ms13-dec

Tags:

Microsoft Kinect Sign Language Translator

Microsoft Research Connections Team
Kinect Sign Language Translator – part 1
Guobin Wu

There are more than 20 million people in China who are hard of hearing, and an estimated 360 million such people around the world, so this project has immense potential to generate positive social impact worldwide.

http://blogs.msdn.com/b/msr_er/archive/2013/10/29/kinect-sign-language-translator.aspx

Kinect Sign Language Translator – part 2
Stewart Tansley
http://blogs.msdn.com/b/msr_er/archive/2013/10/30/kinect-sign-language-translator-part-2-of-2.aspx

Tags: -

Microsoft Security Bulletin for November 2013

Security TechCenter

This is an advance notification of security bulletins that Microsoft is intending to release on November 12, 2013.

This bulletin advance notification will be replaced with the November bulletin summary on November 12, 2013. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

http://technet.microsoft.com/en-us/security/bulletin/ms13-nov

November Bulletins: Three Critical, Five Important.
Security Bulletin Severity Rating System

Edit

MSRC
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release

Dustin C. Childs
http://blogs.technet.com/b/msrc/archive/2013/11/07/clarification-on-security-advisory-2896666-and-the-ans-for-the-november-2013-security-bulletin-release.aspx

Tags:

Internet Explorer 11 Available for Windows 7

IEBlog

Internet Explorer 11 (IE11) is available worldwide in 95 languages for download today. We will begin automatically updating Windows 7 customers to IE11 in the weeks ahead, starting today with customers running the IE11 Developer and Release Previews. With this final release, IE11 brings the same leading standards support–with improved performance, security, privacy, and reliability that consumers enjoy on Windows 8.1—to Windows 7 customers.

http://blogs.msdn.com/b/ie/archive/2013/11/07/ie11-for-windows-7-globally-available-for-consumers-and-businesses.aspx

Tags: -