exploitability

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft...

Hosts: Jonathan Ness, Security Development Manager, MSRC Pete Voss, Sr. Response Communications Manager, Trustworthy Computing Website: TechNet/Security Chat Topic: December 2011 Out-Of-Band Security Bulletin Release Date...

Revision Note: V1.1 (December 13, 2011): For MS11-099, corrected the severity ratings in the Affected Software table. For MS11-088, corrected the Key Note in the Exploitability Index. These are informational changes only. There were no changes to the security update files or detection logic...

Revision Note: V1.1 (December 13, 2011): For MS11-099, corrected the severity ratings in the Affected Software table. For MS11-088, corrected the Key Note in the Exploitability Index. These are informational changes only. There were no changes to the security update files or detection logic...

Hello, On this November Update Tuesday, we’re recapping the Link Removed, which Microsoft hosted in Redmond last week. We are also releasing four security updates, so please read on for details. Microsoft hosted its Link Removed of the BlueHat conference Nov. 2-4. The event featured...

Revision Note: V1.1 (August 10, 2011): For MS11-059, corrected restart requirement information in the Executive Summaries section. For MS11-065, corrected key note in the Exploitability Index for CVE-2011-1968. For MS11-068, revised Server Core notation for Windows Server 2008 and Windows Server...

Hello all. It has been very nearly a week since our Link Removed due to 404 Error at Black Hat. Now that everyone’s had some time to digest the basics, we’ve asked Senior Security Strategist and chief BlueHat Prize architect Katie Moussouris to stop by the Trustworthy Computing...

Today, the MSRC released its Link Removed due to 404 Errort highlighting advancements of key Microsoft programs designed to help prevent and defend against online threats. The Microsoft programs featured in this paper include the following: The Link Removed due to 404 Error (MAPP) and Link...

Hello there. First off, I’d like to share some news regarding the updates we made to the Autorun feature in Security Advisory 967940, which we released in February 2011. The advisory made changes to how Autorun handles “non-shiny” media (eg., USB thumb drives). The change was...

Oracle provided advance notification regarding the Oracle Java SE Critical Patch Update for June 2011. The update is scheduled to be released on Tuesday, June 7, 2011. The Critical Patch Update contains seventeen (17) new security vulnerability fixes for Java SE. As explained in the...

Hello everyone, Pete Voss here again, and as I previously mentioned in the Advanced Notification on Thursday, today we are releasing two bulletins to help protect customers. The bulletins address a Critical vulnerability in Microsoft Windows and two Important vulnerabilities in Microsoft Office...

Hello everyone, Today we are announcing changes to Microsoft’s Link Removed Since October 2008, we have used the Exploitability Index to provide customers with valuable exploitability analysis for our security bulletins, and starting Tuesday this information will become even more...

Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Link Removed a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of...

Hi all -- We're pleased to announce the release of the new Link Removed due to 404 Error. Fully revised and updated from the first edition, which was released in 2009, this edition focuses on best practices for prioritizing and testing security updates before deployment within your...

Hello all -- Today, as part of our monthly security bulletin release, we have three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment: Link Removed due to 404...

Revision Note: V1.1 (February 9, 2011): For MS11-013, corrected the Exploitability Index Assessment for CVE-2011-0091 to "3 – Functioning exploit code unlikely." This is an informational change only.Summary: This bulletin summary lists security bulletins released for February 2011. Link Removed...

Hello all -- Today, as part of our monthly security bulletin release, we have 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). Three bulletins are rated Critical, and these are the bulletins we recommend for...

Hello - Today as part of our monthly security bulletin release we have two bulletins addressing three vulnerabilities in Microsoft Windows and Windows Server. This first bulletin is rated Important, while the second is rated Critical. Link Removed due to 404 Error. This bulletin resolves...

Hello all. As part of our usual cycle of monthly updates, todayMicrosoft is releasing three security bulletins, addressing 11 vulnerabilities.One of the bulletins has a Critical severity rating, while the other two arerated Important. Recapping the trio: Link Removed due to 404 Error This...

Two years ago, in front of a standing-room only crowd here at Black Hat, we introduced three new information sharing programs as well as the concept of Community-Based Defense. The underlying concept shared by all three programs was simple-collaboration will be key to preventing and defending...