exploitability

Revision Note: V2.0 (February 10, 2016): For MS16-014, Bulletin Summary revised to announce the availability of update 3126041 for Microsoft Windows Vista, Windows Server 2008, Windows Server 2008 for Itanium-based Systems, Windows 8.1, and Windows Server 2012 R2. Customers should apply the...

Today, as part of Update Tuesday, we released 11 security bulletins. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI), visit the Microsoft Bulletin Summary webpage. If you...

Today, as part of Update Tuesday, we released nine security updates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). We encourage you to apply all of these...

This month we release eight bulletins – four Critical and four Important - which address 26 unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080...

There are those I’ve met who think my life is something akin to the classic comedy Groundhog Day. No, I don’t wake up to the musical stylings of Sonny and Cher each morning, but month after month after month, the second Tuesday rolls around and I’m involved in releasing...

Today, we are releasing 10 bulletins, addressing 33 vulnerabilities in Microsoft products. Before we get into the details, we wanted to first let our enterprise customers know about a change in how we’re communicating technical details within our security advisories. Starting today...

Revision Note: V1.2 (February 13, 2013): For MS13-014, corrected the Exploitability Assessment for Latest Software Release in the Exploitability Index for CVE-2013-1281. Summary: This bulletin summary lists security bulletins released for February 2013. More...

As I previously mentioned in the Advance Notification blog on Thursday, today we are releasing two security bulletins, both of which are rated Important. These bulletins will increase protection by addressing two unique vulnerabilities in the following Microsoft products: MS12-061 (Visual...

Revision Note: V1.1 (July 10, 2012): Removed CVE-2012-1860 from the Exploitability Index because the vulnerability has a Moderate severity rating. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included in the Exploitability Index...

Ever wondered where Update Tuesday bulletins come from, or what it’s like around Microsoft when a serious information-security situation arises? Or wondered who precisely is responsible for getting your monthly bulletin releases out the door? Update Tuesday, which brings us here today, is...

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft...

Revision Note: V1.1 (December 13, 2011): For MS11-099, corrected the severity ratings in the Affected Software table. For MS11-088, corrected the Key Note in the Exploitability Index. These are informational changes only. There were no changes to the security update files or detection logic...

Revision Note: V1.1 (December 13, 2011): For MS11-099, corrected the severity ratings in the Affected Software table. For MS11-088, corrected the Key Note in the Exploitability Index. These are informational changes only. There were no changes to the security update files or detection logic...

Hello, On this November Update Tuesday, we’re recapping the Link Removed, which Microsoft hosted in Redmond last week. We are also releasing four security updates, so please read on for details. Microsoft hosted its Link Removed of the BlueHat conference Nov. 2-4. The event featured...

Revision Note: V1.1 (August 10, 2011): For MS11-059, corrected restart requirement information in the Executive Summaries section. For MS11-065, corrected key note in the Exploitability Index for CVE-2011-1968. For MS11-068, revised Server Core notation for Windows Server 2008 and Windows Server...

Today, the MSRC released its Link Removed due to 404 Errort highlighting advancements of key Microsoft programs designed to help prevent and defend against online threats. The Microsoft programs featured in this paper include the following: The Link Removed due to 404 Error (MAPP) and Link...

Hello there. First off, I’d like to share some news regarding the updates we made to the Autorun feature in Security Advisory 967940, which we released in February 2011. The advisory made changes to how Autorun handles “non-shiny” media (eg., USB thumb drives). The change was...

Hello everyone, Pete Voss here again, and as I previously mentioned in the Advanced Notification on Thursday, today we are releasing two bulletins to help protect customers. The bulletins address a Critical vulnerability in Microsoft Windows and two Important vulnerabilities in Microsoft Office...

Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Link Removed a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of...

Hi all -- We're pleased to announce the release of the new Link Removed due to 404 Error. Fully revised and updated from the first edition, which was released in 2009, this edition focuses on best practices for prioritizing and testing security updates before deployment within your...