bulletin

Severity Rating: Important Revision Note: V1.0 (January 14, 2014): Bulletin published. Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected...

Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described...

Two weeks ago I, along with 7,500 of my closest friends, attended the Black Hat security conference in Las Vegas, NV. I can’t speak for everyone, but I certainly had a great – if not exhausting – time while there. While there were a lot of great talks, a personal highlight for me each year is...

Today we’re publishing the Link Removed. We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin (MS13-096), Security Advisory 2915720 and Security Advisory 2905247. We also wanted to note a new blog on the Microsoft Security Blog site on...

On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update. We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear...

There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast...

Severity Rating: Critical Revision Note: V1.0 (December 10, 2013): Bulletin published. Summary: This security update resolves seven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted...

Severity Rating: Important Revision Note: V1.0 (December 10, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Windows. The vulnerability could allow elevation of privilege if an attacker sends a specially crafted LPC port message to any LPC...

Severity Rating: Critical Revision Note: V1.0 (December 10, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially...

Revision Note: V1.0 (December 10, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update for all supported releases of Windows to change how signatures are verified for binaries signed with the Windows Authenticode signature format. The change is included with...

Original release date: November 13, 2013 | Last revised: November 16, 2013 Systems Affected Windows Operating System and Components Microsoft Office Internet Explorer Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address...

Today we’re publishing the Link Removed. The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest. We’ve discussed the Microsoft...

Severity Rating: Important Revision Note: V1.0 (November 12, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if an attacker logs on to an affected system as a local...

Severity Rating: Important Revision Note: V1.0 (November 12, 2013): Bulletin published. Summary: This security update resolves three privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a specially crafted WordPerfect document file is...

Severity Rating: Critical Revision Note: V1.0 (November 12, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability exists in the InformationCardSigninHelper Class ActiveX control. The vulnerability...

Severity Rating: Important Revision Note: V1.0 (November 12, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service when an affected web service processes a specially crafted X.509...

Today, we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office. While...

On October 1, 2003, Microsoft announced it would move to a monthly security bulletin cadence. Today, marks 10 years since that first monthly security update. We looked at many ways to improve our security preparedness and patch timing was the number one customer request. Your feedback was clear...

This month we release eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080...

Severity Rating: Important Revision Note: V1.0 (October 8, 2013): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Microsoft Silverlight. The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially...