August 9, 2011 - Microsoft released 13 bulletins today, which is quite large for a summer Patch Tuesday, but only two of these bulletins were critical. There are nine rated (continue reading...) Read more
June 14, 2011 - Being the second Tuesday of the month, once again it is Patch Tuesday. This is the second (continue reading...) Read more
December 14, 2010 - Hi everyone. As part of our usual cycle of monthly security updates, today Microsoft is releasing 17 bulletins addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint Server and Exchange. Two of those bulletins carry a Critical rating, while 14 are rated Important (continue reading...) Read more
November 4, 2010 - Hello. We’ve issued our Advance Notification Service for the November ’10 security bulletin release. This time around we’re releasing three updates addressing 11 vulnerabilities in Microsoft Office and Unified Access Gateway (UAG). One bulletin carries a Critical severity rating; the other two are (continue reading...) Read more
February 5, 2010 - Microsoft Office 2010 will, by default, opt in to DEP (Data Execution Prevention), a feature (continue reading...) Read more
February 5, 2010 - Dion Blazakis provided me with a formal paper on the techniques he revealed yesterday to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) in Windows. (continue reading...) Read more
February 4, 2010 - Microsoft has released their advance notification for the February, 2010 Patch Tuesday, and it's a doozy. An unlucky 13 updates to Windows and Office will be released addressing 26 vulnerabilities. 11 of (continue reading...) Read more
January 12, 2010 - A vulnerability in the Windows Embedded OpenType Font Engine could lead to remote code execution as explained in MS10-001: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution, (continue reading...) Read more
January 8, 2010 - Search engine poisoning is an old story for malware, but Websense came up with a new twist on the problem: Poisoned results from the search box on office.microsoft.com. (See below for (continue reading...) Read more
January 4, 2010 - If you're bent on updating your social network status or checking out a new web site, firewalls be damned, Flexamail can help you update your accounts and receive web sites via email. Rather than engage in (continue reading...) Read more
December 15, 2009 - It used to be that end-of-year security predictions were bold and almost science-fictiony. They have become more conservative this year and therefore more reasonable. I've been barraged with them and have attempted to collect the best here.It's clear to me (continue reading...) Read more
December 11, 2009 - In the Twitter gab as last Patch Tuesday was unfolding, researcher Alex Sotirov complained that vendors weren't paying for those who found the bugs in their products, and that this was unjust.Most of the bug-finding for major products (continue reading...) Read more
December 8, 2009 - Microsoft has issued 6 updates, 3 of which are rated critical, to address a total of 11 (or 12, depending on how you count them) vulnerabilities in components of Windows and (continue reading...) Read more
December 3, 2009 - Next Tuesday, December 8, Microsoft will release 6 security bulletins and software updates to address the vulnerabilities described in them. 3 of the bulletins have a maximum rating of critical and (continue reading...) Read more