- Joined
- Jun 27, 2006
- Messages
- 23,048
- Thread Author
- #1
Today, as part of Update Tuesday, we released nine security updates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize their deployment planning, we recommend focusing on the Critical updates first.
Here’s an overview slide and video of the security updates released today:
Click to enlarge
Microsoft also revised Link Removed.
For more information about this month’s security updates, including the detailed view of the Exploit Index broken down by each CVE, visit the Microsoft Bulletin Summary Web page. If you are not familiar with how we calculate the Exploitability Index (XI), a full description is found Link Removed.
You may notice a revision in the XI this month, which aims to better characterize the actual risk to a customer on the day the security update is released. Customers will see new wording for the rating, including a new rating of “0” for “Exploitation Detected.” More information about XI can be found here: Link Removed.
Last week, Microsoft announced some other news that relates to Update Tuesday:
Jonathan Ness and I will host the monthly bulletin webcast, scheduled for Wednesday, August 13, 2014, at 11 a.m. PDT.
For all the latest information, you can also follow the MSRC team on Twitter at Link Removed.
Thanks,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing
Continue reading...
Here’s an overview slide and video of the security updates released today:
Click to enlarge
Microsoft also revised Link Removed.
For more information about this month’s security updates, including the detailed view of the Exploit Index broken down by each CVE, visit the Microsoft Bulletin Summary Web page. If you are not familiar with how we calculate the Exploitability Index (XI), a full description is found Link Removed.
You may notice a revision in the XI this month, which aims to better characterize the actual risk to a customer on the day the security update is released. Customers will see new wording for the rating, including a new rating of “0” for “Exploitation Detected.” More information about XI can be found here: Link Removed.
Last week, Microsoft announced some other news that relates to Update Tuesday:
- On August 5, Windows published a Link Removed discussing its non-security update strategy moving forward, which is now on a monthly cadence as part of Update Tuesday.
- On August 6, IE announced in its Link Removed that it would begin blocking out-of-date ActiveX controls. This feature will be part of the August IE Cumulative Security Update, but no out-of-date ActiveX controls will be blocked for 30 days in order to give customers time to test and manage their environments.
- On August 7, Link Removed and Link Removed announced that Microsoft will support only the most recent versions of .NET and IE for each supported operating system.
Jonathan Ness and I will host the monthly bulletin webcast, scheduled for Wednesday, August 13, 2014, at 11 a.m. PDT.
For all the latest information, you can also follow the MSRC team on Twitter at Link Removed.
Thanks,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing
Continue reading...
