risk management

We have a few laptops in our office that we are looking at putting some encryption on as they often leave the office. Bitlocker seems the best solution with it already on Windows 10 and free. I just wonder is Bitlocker worth putting onto the desktop PCs that are in the office and don't ever...

For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...

Sponsored by: KeepItSafe - Date: Thursday, 12/14/17 at 2:00 PM EST Continue reading...

Today, a group of eight researchers from across the security industry released a research report on SHA-1 that demonstrates for the first time, a “hash collision” for the full SHA-1 hash algorithm (called “SHAttered”). This is a significant step toward understanding this type of security issue...

Severity Rating: Important Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted...

Severity Rating: Important Revision Note: V1.0 (July 12, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to web-based...

Original release date: May 11, 2016 Systems Affected Outdated or misconfigured SAP systems Overview At least 36 organizations worldwide are affected by an SAP vulnerability Link Removed. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP...

Severity Rating: Critical Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An...

I recently made a support call to what I thought was HP customer support. The rep that answered tried to convince me I had a virus in my hard drive and that I needed to purchase Microsoft Forefront Security Service. At this point I ended the call, however I did foolishly allow the rep to access...

Original release date: July 31, 2014 Systems Affected Point-of-Sale Systems Overview This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and...

It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work...

Severity Rating: Important Revision Note: V1.0 (November 12, 2013): Bulletin published. Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Outlook. The vulnerability could allow information disclosure if a user opens or previews a specially crafted email...

Hello I keep getting a reminder that protected mode is on and to click to disable it if I want. it pops up in my Outlook.com and some other sites. I can see in internet options under advanced where I can uncheck it but the increase risk is a concern. It also appears under MSIE 11 'security' both...

Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South...

Today, we are releasing 10 bulletins, addressing 33 vulnerabilities in Microsoft products. Before we get into the details, we wanted to first let our enterprise customers know about a change in how we’re communicating technical details within our security advisories. Starting today...

Severity Rating: Important Revision Note: V1.0 (September 11, 2012): Bulletin published. Summary: This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks...

Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2. Customers concerned with this...

Before we dive into the July security updates, let’s change up the normal order and take a look at the two Security Advisories we are releasing today. One takes an exciting step into the future, while the other prepares us to take an equally important step away from the past. Security...

As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework...

Severity Rating: Important Revision Note: V4.3 (March 13, 2012): Added an entry to the update FAQ to announce a detection change for KB2565063 and KB2565057 to correct an installation issue. This is a detection change only. There were no changes to the security update files...