As we draw closer to the much-anticipated 2024 Olympic and Paralympic Games in Paris, the Cybersecurity and Infrastructure Security Agency (CISA) is taking proactive measures to ensure that these monumental events are safeguarded against an ever-evolving wave of cyber threats. Through the...
This is the first of a series of blog entries to give some insight into the Microsoft Security Response Center (MSRC) business and how we work with security researchers and vulnerability reports.
The Microsoft Security Response Center actively recognizes those security researchers who help us...
Original release date: October 14, 2016 | Last revised: November 30, 2016
Systems Affected
Internet of Things (IoT)—an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that connect to one another via the Internet, often automatically sending and receiving data...
As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to...
Microsoft releases additional updates for older platforms to protect against potential nation-state activity
Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of...
automatic updates
critical updates
customer guidance
defense innovations
legacy support
nations-state threats
security
threatlandscape
update
update catalog
windows 10
windows 7
windows 8.1
windows server 2008
windows server 2008 r2
windows server 2012
windows server 2012 r2
windows server 2016
windows vista
windows xp
We are truly in the midst of a revolution of cyber threats and, to everyone’s frustration, attackers have had the advantage for quite some time. The adversaries that enterprises face today are increasingly well-funded and they are experts at breaching well-fortified environments and deriving...
Today, we released Security Advisory 3010060 to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains...
Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) Link...
advisory
anti-virus
cybersecurity
email safety
firewalls
local privilege
malicious pdf
microsoft
protect your computer
remote code execution
security
security update
server 2003
tech support
threatlandscape
updates
user guidance
windows xp
workarounds
Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South...
anti-virus
customer guidance
emet
exploit
firewall
malware
microsoft
microsoft office
risk management
security advisory
software updates
threatlandscape
tiff codec
user interaction
vulnerability
windows server
windows vista
Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could...
active scripting
activex controls
advisory
anti-virus
cve-2013-3893
cybersecurity
firewall
fix it
internet explorer
microsoft
mitigation
remote code execution
response communications
security
security zones
software updates
threatlandscape
trusted sites
user caution
vulnerability
Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically...
Today, we released Security Advisory 2794220 regarding an issue that impacts Internet Explorer 6, 7, and 8. We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This...
activex
advisory
anti-virus
blog
emet
exploit
firewalls
internet explorer
malware
microsoft
mitigations
remote code execution
scripting
security
security zone
threatlandscape
trusted sites
updates
usability
vulnerabilities
Today we released Security Advisory 2755801 that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically...
adobe
advisory
automatic
coordination
customers
disclosure
flash player
internet explorer
management
microsoft
protection
quality
release timing
security
software
threatlandscape
update
update process
vulnerabilities
windows 8
Today we released Security Advisory 2757760 to address an issue that affects Internet Explorer 9 and earlier versions if a user views a website hosting malicious code. Internet Explorer 10 is not affected.
We have received reports of only a small number of targeted attacks and are working to...
On March 15, we became aware of public proof-of-concept code that results in denial of service for the issue addressed by MS12-020, which we released Tuesday.
We continue to watch the threat landscape and we are not aware of public proof-of-concept code that results in remote code execution...
active protections program
confidential information
customer protection
cve-2012-0002
denial of service
deployment
mapp program
microsoft
mitigation
ms12-020
optimal decisions
proof-of-concept
remote code execution
security
security update
software partners
threatlandscape
trustworthy computing
update
vulnerabilities
Protecting the general computing ecosystem is a really tough job, and given some of the media headlines, it’s easy to get discouraged and wallow in the problems. It seems like we’re constantly bombarded with statistics measuring the number of bugs, vulnerabilities, or attacks in an...
active protections program
bluehat prize
cash prizes
collaboration
computing ecosystem
customer solutions
cybersecurity
defensive technology
exploit mitigation
global security
incentives
industry collaboration
innovation
microsoft
research community
security challenges
security providers
security research
threatlandscape
vulnerabilities
Hello all --
Today, as part of our monthly security bulletin release, we have three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment:
Link Removed due to 404...
bulletin
critical
deployment
dll
exploitability
important
march 2011
mhtml
microsoft
monitoring
office
remote desktop
security
service pack
technet
threatlandscape
updates
vulnerabilities
webcast
windows
Hello,
Today we released Security Advisory 2488013 to address a public vulnerability that could affect customers using Internet Explorer 6, 7 and 8 if they visit a website hosting malicious code. Currently the impact of this vulnerability is limited and we are not aware of any affected...
Hello all. As part of our usual cycle of monthly updates, todayMicrosoft is releasing three security bulletins, addressing 11 vulnerabilities.One of the bulletins has a Critical severity rating, while the other two arerated Important. Recapping the trio:
Link Removed due to 404 Error This...
BH Landscape
Next week, many of us here will be heading down to Las Vegas for Black Hat. The MSRC, and other teams in Microsoft, have been attending Black Hat for years. In fact, we've been sponsoring the show for the last eight years-the last five as a platinum sponsor. Some might ask why...
attacks
black hat
bluehat
collaboration
community
coordinated disclosure
crisis management
disclosure
fixit
microsoft
msrc
network protection
research
security
telemetric
threatlandscape
training
trustworthy computing
update
vulnerabilities