March 8, 2011 - Microsoft is releasing a relatively low number of three security bulletins covering four vulnerabilities in March's Patch Tuesday 2011. Of the three bulletins, only one is of critical severity: MS11-015. It addresses (continue reading...) Read more
March 8, 2011 - Hello all -- Today, as part of our monthly security bulletin release, we have three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment: (continue reading...) Read more
March 7, 2011 - Microsoft has launched another salvo in its campaign to hammer the final nail into the coffin of an outdated, insecure product: Internet Explorer 6. The problem with Internet Explorer 6 is that Microsoft no longer supports it, and the creaky old (continue reading...) Read more
March 3, 2011 - Next Tuesday, March 8, Microsoft will release three security bulletins in their monthly patch cycle. One of the bulletins is rated as critical while the (continue reading...) Read more
March 3, 2011 - Hello all -- Today, as part of our usual monthly bulletin cadence, we are providing our Advance Notification Service for March's security bulletins. This month we'll release three bulletins, one of them rated Critical and two rated Important, addressing issues (continue reading...) Read more
February 23, 2011 - Microsoft tried to push an update to their newly released Windows Phone 7 this week and accidentally bricked some Samsung-branded handsets. Microsoft has since (continue reading...) Read more
February 23, 2011 - The rumors have been circulating for months, but it appears that service pack 1 is now available for Windows 7 and Windows 2008 R2. Microsoft (continue reading...) Read more
February 21, 2011 - Michael Argast joined me in Vancouver this week to discuss this week's security news. It was a reasonably quiet week, which is quite normal (continue reading...) Read more
February 10, 2011 - Hello, Today we published the February Security Bulletin Webcast Questions & Answers page. We fielded 12 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for (continue reading...) Read more
February 9, 2011 - Here's some good news for anyone who has been struck by auto-running malware from a USB stick in the past. Microsoft has rolled-out an "important, non-security update" through Windows Update, changing the behaviour (continue reading...) Read more
February 9, 2011 - System administrators and security experts are focusing on Patch Tuesday every month (also known as Microsoft Black Tuesday or MS Tuesday). This time Microsoft patched many important vulnerabilities, but have they fixed all currently known zero days? Let's find out. This time, on February (continue reading...) Read more
February 8, 2011 - Paul Henry, Security and Forensics Analyst for Lumension, discusses the impact of the February 2011 Patch Tuesday releases. Read more
February 8, 2011 - This is a very disruptive Patch Tuesday with several updates impacting nearly the full operating system product line from Microsoft and requiring a reboot. While a pair of Zero Day security issues have now been patched, we still have not (continue reading...) Read more
February 8, 2011 - Hi! I'm Adam Shostack, a program manager working in TWC Security, and I'd like to talk a bit about today's AutoRun update. Normally, I post over on the SDL blog, but of late I've been doing a lot of work in classifying and (continue reading...) Read more
February 8, 2011 - Hello all -- Today, as part of our monthly security bulletin release, we have 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). Three bulletins are rated Critical, and these are the bulletins we recommend for priority deployment: (continue reading...) Read more
February 8, 2011 - Big news today: We have an industry first - HP/TippingPoint's Zero Day Initiative (ZDI), a vulnerability broker, opens 22 new 0-day vulnerabilities in accordance with their recently changed disclosure policy. We (continue reading...) Read more
February 5, 2011 - Aryeh Goretsky posted a blog about a trojan program in a Microsoft catalog update. I thought it might be a little interesting to know how this can happen and why it doesn’t happen more often. As it turns out, it (continue reading...) Read more
February 4, 2011 - UPDATE #1 Randy Abrams has posted a follow-up article, Anatomy of a Biting Bunny – The Infected Microsoft Catalog Update with additional information about how update services work, why they might distribute third-party code and what might be done to (continue reading...) Read more
February 3, 2011 - Just a quick follow up on the Microsoft Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding Microsoft's recent MHTML vulnerability, which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our (continue reading...) Read more
February 3, 2011 - Update Adobe will also use this patch Tuesday to ship an update for Adobe Reader X. Adobe Reader X is the most recent version of Adobe Reader and has incorporated sandbox technology to (continue reading...) Read more