August 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server (MS13-061) and Windows Kernel (MS13-063).  There were 3 additional questions during the webcast that we were unable to answer on air, and we…

0

August 2012 Security Bulletin Webcast, Q&A, and Slide Deck

Hello. Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls,  MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing trust certificates with RSA keys less than 1024 bit key lengths. Three additional questions were answered after…

0

Announcing the BlueHat Prize for Advancement of Exploit Mitigations

Protecting the general computing ecosystem is a really tough job, and given some of the media headlines, it’s easy to get discouraged and wallow in the problems. It seems like we’re constantly bombarded with statistics measuring the number of bugs, vulnerabilities, or attacks in an attempt to build an accurate “state of the state.” The…

0

Q&A from May 2011 Security Bulletin Webcast

Hello, Today we published the May Security Bulletin Webcast Questions & Answers page. We fielded twelve questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool.  There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the…

0

Exploitability Index Improvements & Advance Notification Service for May 2011 Bulletin Release

Hello everyone, Today we are announcing changes to Microsoft’s Exploitability Index. Since October 2008, we have used the Exploitability Index to provide customers with valuable exploitability analysis for our security bulletins, and starting Tuesday this information will become even more comprehensive for those who use Microsoft’s latest platforms. The Exploitability Index assesses the likelihood of…

0

Exploitability Index Improvements Now Offer Additional Guidance

Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Exploitability Index: a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of this month, we are making some changes to the rating system to…

0

MS10-046 Released Out-of-Band Today

Hello, As we announced on Friday, today we released Security Bulletin MS10-046 out-of-band to address a vulnerability in Windows. This security update addresses a vulnerability in the handling of shortcuts that affects all currently supported versions of Windows XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. As our colleagues over in…

0

June 2010 Security Bulletin Release

Hi everyone, Today, as part of our regular monthly security bulletin release cycle, we released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework. Only three of these bulletins get our maximum severity rating of Critical. The rest are rated…

0

Guidance on Internet Explorer XSS Filter

The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002). This attack scenario involved modified HTTP responses, enabling XSS on sites that would not otherwise be vulnerable.    An additional update to the IE XSS Filter is currently scheduled for…

0

Out-of-Band Security Bulletin Webcast Q&A - March 30, 2010

Hosts:                          Adrian Stone, Senior Security Program Manager Lead                                     Jerry Bryant, Group Manager, Response Communications Website:                     TechNet/security Chat Topic:                 March 2010 Out-of-Band Security BulletinDate:                           Tuesday, March 30, 2010     Q: CVE-2010-0483, like CVE-2010-0806, is a remote code executable vulnerability with an exploit code that has been published and publicly available since March 1, 2010….

0