February 8, 2011 - Hello all -- Today, as part of our monthly security bulletin release, we have 12 bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and IIS (Internet Information Services). Three bulletins are rated Critical, and these are the bulletins we recommend for priority deployment: (continue reading...) Read more
February 8, 2011 - Big news today: We have an industry first - HP/TippingPoint's Zero Day Initiative (ZDI), a vulnerability broker, opens 22 new 0-day vulnerabilities in accordance with their recently changed disclosure policy. We (continue reading...) Read more
February 5, 2011 - Aryeh Goretsky posted a blog about a trojan program in a Microsoft catalog update. I thought it might be a little interesting to know how this can happen and why it doesn’t happen more often. As it turns out, it (continue reading...) Read more
February 4, 2011 - UPDATE #1 Randy Abrams has posted a follow-up article, Anatomy of a Biting Bunny – The Infected Microsoft Catalog Update with additional information about how update services work, why they might distribute third-party code and what might be done to (continue reading...) Read more
February 3, 2011 - Just a quick follow up on the Microsoft Security Advisory (2501696) post that my colleague Randy Abrams wrote about on January 28th regarding Microsoft's recent MHTML vulnerability, which is listed by ESET as HTML/Exploit.CVE-2011-0096.A in our (continue reading...) Read more
February 3, 2011 - Update Adobe will also use this patch Tuesday to ship an update for Adobe Reader X. Adobe Reader X is the most recent version of Adobe Reader and has incorporated sandbox technology to (continue reading...) Read more
February 3, 2011 - Hello all - Today, as part of our usual monthly bulletin cadence, we are providing our Advance Notification Service for February's security bulletins. This month, we'll release 12 bulletins, three of them rated Critical and nine rated Important, addressing issues in Microsoft (continue reading...) Read more
January 28, 2011 - There is a new vulnerability that affects all supported versions of Windows and some unsupported versions. For you techies the “Vulnerability in MHTML Could Allow Information Disclosure” advisory is at https://www.microsoft.com/technet/security/advisory/2501696.mspx. If you are not a techie you might want (continue reading...) Read more
January 28, 2011 - Microsoft has just released security advisory 2501696 acknowledging a new zero day flaw (continue reading...) Read more
January 28, 2011 - Hello. Today we're releasing Security Advisory 2501696, which describes a publicly disclosed scripting vulnerability affecting all versions of Microsoft Windows. The main impact of the vulnerability is unintended information disclosure. We're aware of published information and proof-of-concept code that attempts to exploit this vulnerability, but (continue reading...) Read more
January 27, 2011 - Today Microsoft published today Security Advisory 2501696 describing a vulnerability (CVE-2011-0096) in the MHTML handler present on all versions of Windows. The vulnerability allows the execution of an XSS attack (continue reading...) Read more
January 27, 2011 - You might have seen recent reports that Windows 7 Service Pack 1 (SP1) has been sent to computer manufacturers. Originating from Microsoft’s Russian TechNet site, the news triggered speculation that Microsoft will move ahead with the release of (continue reading...) Read more
January 17, 2011 - Finding Patch Tuesday on the calendar can be a bit like working out Easter. The date of Easter is determined by a combination (continue reading...) Read more
January 13, 2011 - Hello, Today we published the January Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast. We invite our customers to join us for the next public webcast on Wednesday, February 9th at (continue reading...) Read more
January 11, 2011 - This first Patch Tuesday in 2011 addresses the following Microsoft issues: Bulletin 1 (critical) addresses issues that are critical on Windows XP SP3, Vista and Windows 7 and issues that are important on Windows Server 2003, Windows Server (continue reading...) Read more
January 11, 2011 - Paul Henry, Security and Forensics Analyst for Lumension, discusses the impact of the January 2011 Patch Tuesday releases. Read more
January 11, 2011 - In the first Patch Tuesday of 2011, Microsoft published just two security bulletins, unsurprisingly named MS11-001 and MS11-002, fixing three vulnerabilities with two patches. All Microsoft security (continue reading...) Read more
January 11, 2011 - Hello - Today as part of our monthly security bulletin release we have two bulletins addressing three vulnerabilities in Microsoft Windows and Windows Server. This first bulletin is rated Important, while the second is rated Critical. MS11-001. This bulletin (continue reading...) Read more
January 11, 2011 - Microsoft January 2011 Patch Tuesday represents a slow start of 2011 as far as number of patches go. But while there are only two bulletins, there are a number of (continue reading...) Read more
January 6, 2011 - Hello everyone - It's a new year and the Microsoft Security Response Center is ready to provide the Advance Notice for January's security bulletins. We have two bulletins addressing three vulnerabilities in Windows. The first bulletin is Important and affects (continue reading...) Read more