Microsoft Security Bulletin

//Microsoft Security Bulletin

Now It’s Microsoft’s Turn, SSL Vulnerability in SCHANNEL

It's official, all major SSL stacks are now vulnerable.  There are already a number of detailed blogs written about this new vulnerability, so I am not going to rewrite all of the details.  I am going to sum it up and bottom line it for you.  Here is a good detailed account of the issue if you are interested. SCHANNEL is to Windows in the same way OpenSSL is to Linux.  It is used in almost all instances where Windows is listening for SSL traffic. Many people are claiming this is something that needs to be pushed out asap, but as [...]

By | 2014-11-21T18:20:21+00:00 November 12th, 2014|Microsoft, Microsoft Security Bulletin, Patches|Comments Off on Now It’s Microsoft’s Turn, SSL Vulnerability in SCHANNEL

Microsoft Security Bulletin: May 2014

Critical Updates: 3 Important Updates: 6 Of the 3 critical updates, all three are likely exploitable according to Microsoft.  Our recommendation is to install all three patches, one of which is the recent out-of-band patch for the Internet Explorer zero-day.  Note: Some of these updates do require a restart. Some of the vulnerabilities, such as one for Microsoft SharePoint Server, have a more limited scope than those targeting IE, such as the updates that address memory corruption vulnerabilities in Internet Explorer. These are more likely to be exploited and will impact many more devices. For more information: https://technet.microsoft.com/library/security/ms14-may    

Internet Explorer Zero Day – Emergency Patch Released, includes XP

UPDATED 5/1/2014: Microsoft has released an emergency out-of-band update for Internet Explorer that resolves this issue.  They are including updates to IE in Windows XP as well.  We recommended deploying this update as soon as possible. Microsoft released an advisory on April 26th: Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been [...]

Microsoft Word Zero Day – Confirmed Attacks

Microsoft released a zero-day advisory for Microsoft Word.  According to Microsoft, "At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer." A patch should be released on April 8th, Patch Tuesday. For now, an immediate mitigation is to Disable opening RTF content in Microsoft Word, which prevents the exploitation of this issue [...]

March 2014 Microsoft Security Bulletin Release

For this month’s round of patches Microsoft has released five new security bulletins, two of which are for critical vulnerabilities.  The first critical update is a cumulative security update which resolves numerous vulnerabilities that could allow remote code execution in both workstation and server operating systems.  The second update is an update specifically for Microsoft DirectShow which could also allow remote code execution in both workstation and server operating systems. In addition to the security bulletins, Microsoft also released an updated version of the Microsoft Windows Malicious Software Removal Tool, and re-released a security advisory update for vulnerabilities in Adobe [...]

Microsoft January Security Bulletin

Today Microsoft released four security bulletins. All five have a maximum severity rating of Important. Source:https://technet.microsoft.com/en-us/security/bulletin/ms14-jan

Microsoft December Security Bulletin

Today Microsoft released eleven security bulletins addressing 24 CVE’s. Five bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. http://blogs.technet.com/b/srd/archive/2013/12/10/assessing-risk-for-the-december-2013-security-updates.aspx

Microsoft November Security Bulletin

Today Microsoft released eight security bulletins addressing 19 CVE’s. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. http://blogs.technet.com/b/srd/archive/2013/11/12/assessing-risk-for-the-november-2013-security-updates.aspx

Microsoft September Security Bulletin

This bulletin listed 4 critical and 9 important vulnerabilities. Source: http://technet.microsoft.com/en-us/security/bulletin/ms13-sep