Exploitability Index | Microsoft Security Response Center

February 2011 Security Bulletin Release

Tuesday, February 08, 2011

Hello all – Today, as part of our monthly security bulletin release, we have 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). Three bulletins are rated Critical, and these are the bulletins we recommend for priority deployment: o MS11-003. This bulletin resolves three critical-level and moderate-level vulnerabilities affecting all versions of Internet Explorer.

December 2010 Security Bulletin Release

Tuesday, December 14, 2010

Hi everyone. As part of our usual cycle of monthly security updates, today Microsoft is releasing 17 bulletins addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint Server and Exchange. Two of those bulletins carry a Critical rating, while 14 are rated Important and one is rated Moderate. We’ve assigned our highest deployment priority to the two Critical bulletins, though we recommend that customers deploy all updates as soon as possible.

September 2010 Security Bulletin Release

Monday, September 13, 2010

Hi everyone, With this month’s bulletin release, I want to highlight the great work done through our partnerships in the Microsoft Active Protections Program (MAPP). MAPP represents our commitment to community based defense and a shared sense of responsibility to help protect the computing ecosystem. In July of this year, the Stuxnet malware emerged onto the threat landscape and resulted in the release of an out-of-band security update, MS10-046, to address a zero-day vulnerability the malware used to compromise systems.

June 2010 Security Bulletin Release

Tuesday, June 08, 2010

Hi everyone, Today, as part of our regular monthly security bulletin release cycle, we released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework. Only three of these bulletins get our maximum severity rating of Critical.

February 2010 Security Bulletin Release

Tuesday, February 09, 2010

MSRC Bulletin Release Blog Post Hi everyone, As mentioned in our ANS blog post last week, today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office. In the post on Thursday, we mentioned that bulletins in the ANS listed as 1, 2, 3, and 6 were going to top our deployment priority list this month.

December 2009 Security Bulletin Release

Tuesday, December 08, 2009

Summary of Microsoft’s Security Bulletin Release for December 2009 As noted in our Advance Notification (ANS) last Thursday, for the December bulletin release we issued six security bulletins addressing 12 vulnerabilities. Affected products include Windows, Internet Explorer (IE) and Microsoft Office products. In the ANS, we also noted that the bulletin for IE (MS09-072) is at the top of our deployment priority list this month.

November 2009 Security Bulletin Release

Tuesday, November 10, 2009

Summary of Microsoft’s Security Bulletin Release for November 2009 Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). As we do every month, we have prepared our Risk & Impact and our Deployment Priority guidance to help customers assess risk to their environments and prioritize the deployment of this month’s updates.

October 2009 Security Bulletin Release

Tuesday, October 13, 2009

Summary of Microsoft’s Security Bulletin Release for October 2009 This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this the most bulletins Microsoft has ever released”?

September 2009 Security Bulletin Webcast Video and Customer Q and A

Friday, September 11, 2009

In the September 2009 security bulletin webcast, it was clear that customers had a lot of concerns about MS09-048 as almost half the questions we answered were on that topic. The questions and answers from the session are now posted here on the blog. As we mentioned in the webcast, The MS09-048 bulletin has been updated to call out Windows XP in the affected products list with a severity rating of low for the two Denial-of-Service vulnerabilities (the third, Remote Code Execution vulnerability, does not affect XP).

August 2009 Bulletin Release

Tuesday, August 11, 2009

Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note that five of the six critical updates also have an Exploitability Index rating of “1” which means that we could expect there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release.