Microsoft Releases Security Advisory 2914486

Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) found this issue being used on systems compromised by a third-party… Read more

Security and policy surrounding bring your own devices (BYOD)

As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device (BYOD) revolution, many IT departments across the globe are now facing increased security considerations.  While organizations encourage BYOD for cost savings and productivity, it is also important to have robust security… Read more

Microsoft .NET Framework 4.5.1 coming to WSUS

This post was authored by Vivek Mishra on behalf of the .NET Framework team. Hi WSUS Admins, The Microsoft .NET Framework 4.5.1 will be made available via Windows Server Update Services on 26 Nov 2013 and this blog highlights some of the key aspects. The .NET Framework is a development platform for building apps for Windows, Windows… Read more

MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest. We’ve discussed the Microsoft… Read more

Authenticity and the November 2013 Security Updates

If you haven’t had a chance to see the movie Gravity, I highly recommend you take the time to check it out. The plot moves a bit slowly at times, but director Alfonso Cuaron’s work portrayal of zero gravity is worth the ticket price alone. Add in stellar acting and you end up with an… Read more

ActiveX Control issue being addressed in Update Tuesday

Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The security update will be… Read more

Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release

Today, we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office. While this release won’t include an update for the issue first described in Security Advisory… Read more

Microsoft Releases Security Advisory 2896666

Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not… Read more