threat mitigation

Date: Thursday, June 27, 2019 Time: 02:00 PM Eastern Daylight Time Duration: 1 hour The threat of a cyberattack is so eminent, organizations can no longer simply put up defenses and hope either they aren’t attacked, or defenses will hold should one Continue reading...

Original release date: March 27, 2018 Systems Affected Networked systems Overview According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and...

Severity Rating: Important Revision Note: V1.1 (October 11, 2016): Bulletin revised to correct a CVE ID. CVE-2016-7191 has been changed to CVE-2016-7211. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action. Summary...

Severity Rating: Important Revision Note: V1.0 (June 14, 2016): Bulletin published. Summary: This security update resolves vulnerabilites in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in...

Severity Rating: Important Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the...

Today we released security updates to provide protections against malicious attackers. As a best practice, we encourage customers to apply security updates as soon as they are released. More information about this month’s security updates and Link Removed can be found in the Security TechNet...

Original release date: April 30, 2015 Systems Affected Networked systems Overview Securing end-to-end communications plays an important role in protecting privacy and preventing some forms of man-in-the-middle (MITM) attacks. Recently, researchers described a MITM attack used to inject...

Lex Thomas welcomes Mark Simos, an Architect for the Cyber, Security and Identity team here at Microsoft, to discuss tools, techniques and services that are available to help mitigate “Pass-the-Hash” and other forms of cyber credential theft. Tune in as they give us an in-depth overview of the...

Severity Rating: Important Revision Note: V1.1 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2655992 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...

Severity Rating: Critical Revision Note: V2.2 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2536276 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...

Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2. Customers concerned with this...

Resolves vulnerabilities in Windows Task Scheduler that could allow elevation of privilege if an attacker logged on to an affected system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on... More...

In November 2010, Microsoft released the first Security Bulletin (Link Removed due to 404 Error) against an Office 2010 component, in this case Microsoft Word. Approximately 6 months had elapsed since Office 2010 launched in May and while it's good for such a widely used product to be available...