Attack Vector

Assessing risk for the September 2013 security updates

Tuesday, September 10, 2013

Today we released thirteen security bulletins addressing 47 CVE’s. Four bulletins have a maximum severity rating of Critical while the other ten have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS13-069(Internet Explorer) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Rating
• Risk Asessment

Assessing risk for the August 2013 security updates

Tuesday, August 13, 2013

Today we released eight security bulletins addressing 23 CVE’s. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS13-059(Internet Explorer) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Mitigation
• Rating
• Risk Asessment

Assessing risk for the July 2013 security updates

Tuesday, July 09, 2013

Today we released seven security bulletins addressing 34 CVE’s. Six bulletins have a maximum severity rating of Critical, and one has a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS13-055(Internet Explorer) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Risk Asessment

Assessing risk for the June 2013 security updates

Tuesday, June 11, 2013

Today we released five security bulletins addressing 23 CVE’s. One bulletin has a maximum severity rating of Critical, and four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS13-047(Internet Explorer) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Risk Asessment

MS13-027: Addressing an issue in the USB driver requiring physical access

Tuesday, March 12, 2013

Today we are addressing a vulnerability in the way that the Windows USB drivers handle USB descriptors when enumerating devices. (KB 2807986). This update represents an expansion of our risk assessment methodology to recognize vulnerabilities that may require physical access, but do not require a valid logon session. Windows typically discovers USB devices when they are inserted or when they change power sources (if they switch from plugged-in power to being powered off of the USB connection itself).

Read More

• Attack Vector
• Kernel

Assessing risk for the January 2013 security updates

Tuesday, January 08, 2013

Today we released seven security bulletins addressing 12 CVE’s. Two of the bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS13-002(MSXML) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Mitigations
• Rating
• Risk Asessment

MS13-001: Vulnerability in Print Spooler service

Tuesday, January 08, 2013

MS13-001 addresses a vulnerability in the way the Windows Print Spooler handles maliciously-crafted print jobs. The potential attack scenario is a little different than previous spooler service vulnerabilities so we’d like to share more details to help you assess the risk it may pose in your environment. Potential Attack Scenario

Read More

• Attack Vector
• Mitigations
• Risk Asessment

Assessing risk for the December 2012 security updates

Tuesday, December 11, 2012

Today we released seven security bulletins addressing 12 CVE’s. Five of the bulletins have a maximum severity rating of Critical, and two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max XI Likely first 30 days impact Platform mitigations and key notes MS12-077(Internet Explorer) Victim browses to a malicious webpage.

Read More

• Attack Vector
• Risk Asessment

Assessing risk for the November 2012 security updates

Tuesday, November 13, 2012

Today we released six security bulletins addressing 19 CVE’s. Four of the bulletins have a maximum severity rating of Critical, one has a maximum severity rating of Important, and one has a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Read More

• Attack Vector
• Mitigations
• Rating
• Risk Asessment

Assessing risk for the October 2012 security updates

Tuesday, October 09, 2012

Today we released seven security bulletins addressing 20 CVEs (7 Microsoft and 13 Oracle CVE’s). Only one of the bulletins is rated Critical. The other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Read More

• Attack Vector
• Mitigations
• Rating
• Risk Asessment
• Workarounds