Skip to main content
MSRC

Risk Asessment

Assessing risk for the March 2013 security updates

Tuesday, March 12, 2013

Today we released seven security bulletins addressing 20 CVE’s. Four of the bulletins have a maximum severity rating of Critical, and three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS13-021(Internet Explorer) Victim browses to a malicious webpage.

Read More

Assessing risk for the February 2013 security updates

Tuesday, February 12, 2013

Today we released twelve security bulletins addressing 57 CVE’s. Five of the bulletins have a maximum severity rating of Critical, and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS13-010(VML) Victim browses to a malicious webpage.

Read More

Assessing risk for the January 2013 security updates

Tuesday, January 08, 2013

Today we released seven security bulletins addressing 12 CVE’s. Two of the bulletins have a maximum severity rating of Critical, and five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Index Likely first 30 days impact Platform mitigations and key notes MS13-002(MSXML) Victim browses to a malicious webpage.

Read More

Assessing risk for the December 2012 security updates

Tuesday, December 11, 2012

Today we released seven security bulletins addressing 12 CVE’s. Five of the bulletins have a maximum severity rating of Critical, and two have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max XI Likely first 30 days impact Platform mitigations and key notes MS12-077(Internet Explorer) Victim browses to a malicious webpage.

Read More

MS12-074: Addressing a vulnerability in WPAD’s PAC file handling

Tuesday, November 13, 2012

Today we released MS12-074, addressing a Critical class vulnerability in the .NET Framework that could potentially allow remote code execution with no user interaction. This particular CVE, CVE-2012-4776, could allow an attacker on a local network to host a malicious WPAD PAC file containing script code which could be executed on a victim machine without requiring any type of authentication or user interaction.

Read More

More information on Security Advisory 2757760's Fix It

Wednesday, September 19, 2012

Today, we revised Security Advisory 2757760 with two new pieces of information: A Fix It solution is available to address the vulnerability via an app-compat shim The comprehensive security update will be released out-of-band on Friday. In this blog post, we’d like to explain more about the vulnerability and explain how the Fix It solution addresses the issue.

Read More

Assessing risk for the August 2012 security updates

Tuesday, August 14, 2012

Today we released nine security bulletins addressing 26 CVE’s (13 Microsoft and 13 Oracle CVE’s). Five of the bulletins have a maximum severity rating of Critical and the other four have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

Read More