August 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server (MS13-061) and Windows Kernel (MS13-063).  There were 3 additional questions during the webcast that we were unable to answer on air, and we… Read more

August 2012 Security Bulletin Webcast, Q&A, and Slide Deck

Hello. Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls,  MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing trust certificates with RSA keys less than 1024 bit key lengths. Three additional questions were answered after… Read more

Announcing the BlueHat Prize for Advancement of Exploit Mitigations

Protecting the general computing ecosystem is a really tough job, and given some of the media headlines, it’s easy to get discouraged and wallow in the problems. It seems like we’re constantly bombarded with statistics measuring the number of bugs, vulnerabilities, or attacks in an attempt to build an accurate “state of the state.” The… Read more

Q&A from May 2011 Security Bulletin Webcast

Hello, Today we published the May Security Bulletin Webcast Questions & Answers page. We fielded twelve questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool.  There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the… Read more

Exploitability Index Improvements & Advance Notification Service for May 2011 Bulletin Release

Hello everyone, Today we are announcing changes to Microsoft’s Exploitability Index. Since October 2008, we have used the Exploitability Index to provide customers with valuable exploitability analysis for our security bulletins, and starting Tuesday this information will become even more comprehensive for those who use Microsoft’s latest platforms. The Exploitability Index assesses the likelihood of… Read more

Exploitability Index Improvements Now Offer Additional Guidance

Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Exploitability Index: a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of this month, we are making some changes to the rating system to… Read more