Archive

Archive for the ‘Internet Explorer’ Category

February 2015 Updates

February 10th, 2015 No comments

Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. 

We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here.

We re-released one Security Bulletin:

One new Security Advisory was released:

One Security Advisory was revised:

We also announced changes related to SSL 3.0 and you can read more about these on the IE blog.

For the latest information, you can follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse.

MSRC Team

February 2015 Updates

February 10th, 2015 No comments

Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software. 

We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here.

We re-released one Security Bulletin:

One new Security Advisory was released:

One Security Advisory was revised:

We also announced changes related to SSL 3.0 and you can read more about these on the IE blog.

For the latest information, you can follow the Microsoft Security Response Center (MSRC) team on Twitter at @MSFTSecResponse.

MSRC Team

January 2015 Updates

January 13th, 2015 No comments

Today, as part of Update Tuesday, we released eight security updates – one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows.

We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here.

We re-released one Security Bulletin:

One Security Advisory was revised:

For the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

MSRC Team

January 2015 Updates

January 13th, 2015 No comments

Today, as part of Update Tuesday, we released eight security updates – one rated Critical and seven rated Important in severity, to address eight unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows.

We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here.

We re-released one Security Bulletin:

One Security Advisory was revised:

For the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

MSRC Team

December 2014 Updates

December 9th, 2014 No comments

Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange.

We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here.

We re-released two Security Bulletins:

 One Security Advisory was revised:

 For the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

Tracey Pretorius, Director
Response Communications

December 2014 Updates

December 9th, 2014 No comments

Today, as part of Update Tuesday, we released seven security updates – three rated Critical and four rated Important in severity, to address 24 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Internet Explorer (IE), Office and Exchange.

We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploit Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate XI, a full description can be found here.

We re-released two Security Bulletins:

 One Security Advisory was revised:

 For the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

Tracey Pretorius, Director
Response Communications

Advance Notification Service for the December 2014 Security Bulletin Release

December 4th, 2014 No comments

Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer (IE), Office and Exchange.

As per our monthly process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, December 9, 2014, at approximately 10 a.m. PDT. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

Follow us on Twitter at @MSFTSecResponse

Tracey Pretorius, Director
Response Communications

Advance Notification Service for the December 2014 Security Bulletin Release

December 4th, 2014 No comments

Today, we provide advance notification for the release of seven Security Bulletins. Three of these updates are rated Critical and four are rated as Important in severity. These updates are for Microsoft Windows, Internet Explorer (IE), Office and Exchange.

As per our monthly process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, December 9, 2014, at approximately 10 a.m. PDT. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

Follow us on Twitter at @MSFTSecResponse

Tracey Pretorius, Director
Response Communications

Available now: Security update for Internet Explorer

May 1st, 2014 No comments

Today, Microsoft released a security update for Internet Explorer, that we blogged about earlier this week.

You probably already have automatic updates enabled and will not need to take any action. The update will be downloaded and installed automatically. If you’re unsure if you have automatic updates, or if you haven’t already enabled automatic updating, now is the time.

Windows XP is no longer supported by Microsoft, however, we decided to issue a security update for our Windows XP customers. We continue to encourage our customers to upgrade to a modern operating system, such as Windows 7 or 8.1 and use Internet Explorer 11, the latest version of our web browser.

We encourage you to take steps that protect your computer such as enabling a firewall, applying all software updates, and installing antivirus and antispyware software.

Stay up-to-date with the latest version of Internet Explorer.

For more information, please see the Official Microsoft blog

Guidance for Internet Explorer vulnerability

April 29th, 2014 No comments

On April 26, 2014, Microsoft notified customers of a vulnerability in Internet Explorer. To date, we are aware of limited, targeted attacks and are working on a fix.

UPDATE: Microsoft released a security update for this vulnerability on May 1. For more information, see Available now: Security update for Internet Explorer.

We encourage you to take steps that protect your PC such as enabling a firewall, applying all software updates, and installing antivirus and antispyware software.

In addition:

1. Exercise caution when visiting untrusted websites. Avoid clicking suspicious links or opening email messages from unfamiliar senders, which could send you to a malicious website that delivers malware to your computer.

2. Turn on “Enhanced Protected Mode” in Internet Explorer 10 and 11. Some versions of Internet Explorer have this setting on by default. To turn on Enhanced Protected Mode:

a. Click Tools in the Internet Explorer task bar and then Internet Options.

b. Click on the Advanced tab and then check the box next to Enhanced Protected Mode.

3. Download and install EMET 4.1, a Microsoft security tool, for an additional layer of protection.

As criminals become more sophisticated, it is important to keep current with software that has the latest security protections built in. Modern browsers and operating systems have greater security features than older operating systems.

Note: Microsoft no longer provides security updates for the Windows XP operating system and encourages upgrading to a modern operating system like Windows 8.

To learn more, visit How to boost your malware defense and protect your PC.

Get the latest version of Internet Explorer

April 24th, 2014 No comments

Microsoft released an updated version of Internet Explorer this month, and it’s available as a free download on Windows 8.1, Windows 7, and Windows Phone 8.1. To increase your security and privacy, it’s important that you use the latest version of any software, but especially your web browser. This new version of Internet Explorer also includes new features that make it easier to browse the web on a variety of devices.

Learn more at the Internet Explorer blog.

If you have automatic updating turned on, you already have the latest version of Internet Explorer.

Learn how to get updates like this one, as well as security updates for all your Microsoft software automatically.

Get the latest version of Internet Explorer

April 24th, 2014 No comments

Microsoft released an updated version of Internet Explorer this month, and it’s available as a free download on Windows 8.1, Windows 7, and Windows Phone 8.1. To increase your security and privacy, it’s important that you use the latest version of any software, but especially your web browser. This new version of Internet Explorer also includes new features that make it easier to browse the web on a variety of devices.

Learn more at the Internet Explorer blog.

If you have automatic updating turned on, you already have the latest version of Internet Explorer.

Learn how to get updates like this one, as well as security updates for all your Microsoft software automatically.

Categories: Internet Explorer, Windows Phone Tags:

Heartbleed: What you need to know

April 10th, 2014 No comments

On April 8, 2014, security researchers announced a flaw in the software that is used to protect your information on the web. The vulnerability, known as “Heartbleed,” could potentially allow a cyberattacker to access personal information.

After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer, and Skype, along with most Microsoft Services, are not impacted by the “Heartbleed” vulnerability. A few services continue to be reviewed and updated with further protections.

We encourage you to be careful what information you provide to websites and help protect the security of your online accounts by using different passwords for different websites, changing your passwords often, and making your passwords as complex as possible.

For more information, see Microsoft Services unaffected by Open SSL “Heartbleed” vulnerability.

Get the latest security updates and find out what to do if your computer is running Windows XP

April 8th, 2014 No comments

Microsoft releases security updates on the second Tuesday of every month.

Support for Windows XP has ended

Microsoft has provided support for Windows XP for the past 12 years. But the time has come for us, along with our hardware and software partners, to invest our resources toward supporting more recent technologies so that we can continue to deliver great new experiences.

As a result, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date. (If you already have Microsoft Security Essentials installed, you will continue to receive antimalware signature updates for a limited time, but this does not mean that your PC will be secure because Microsoft will no longer provide security updates to help protect your PC.)

More information

Tax scams: 6 ways to help protect yourself

March 20th, 2014 No comments

We’ve received reports that cybercriminals are at it again, luring unsuspecting taxpayers in the United States into handing over their personal information as they rush to file their taxes before the deadline.

Here are 6 ways to help protect yourself.

1.     Beware of all email, text, or social networking messages that appear to be from the IRS. Cybercriminals often send fraudulent messages meant to trick you into revealing your social security number, account numbers, or other personal information. They’ll even use the IRS logo. Read more about how the IRS does not initiate contact with taxpayers by email or use any social media tools to request personal or financial information.
2.       Use technology to help detect scams. Scams that ask for personal or financial information are called “phishing scams.” Internet Explorer, Microsoft Outlook, and other programs have anti-phishing protection built in. Read more about identity theft protection tools that can help you avoid tax scams.
3.       Check to see if you already have antivirus software. If a cybercriminal does fool you with a tax scam that involves downloading malware onto your computer, you might already be protected by your antivirus software. If your computer is running Windows 8, you have antivirus software built in. Download Microsoft Security Essentials at no cost for Windows 7 and Windows Vista. 
4.       Make sure the website uses secure technology. If you’re filing your taxes on the web, make sure that the web address begins with https, and check to see if a tiny locked padlock appears at the bottom right of the screen. For more information, see How do I know if I can trust a website and What is HTTPs?
5.       Think before you download tax apps. Download apps only from major app stores—the Windows Phone Store or Apple’s App Store, for example—and stick to popular apps with numerous reviews and comments.
6.       Be realistic. If it sounds too good to be true, it probably is. From companies that promise to file your taxes for free, to websites that claim you don’t have to pay income tax because it’s unconstitutional—keep an eye out for deliberately misleading statements.

What is HTTPS?

January 21st, 2014 No comments

HTTP stands for Hypertext Transfer Protocol. It’s the language that is used to deliver information over the web, and it’s the first element you see in any URL.

Most web browsers (including Internet Explorer) use an encrypted protocol called Secure Sockets Layer (SSL) to access secure webpages. These pages use the prefix HTTPS. The “s” stands for secure.

If you’re just browsing the web and not entering any sensitive information, HTTP:// is just fine. However, on pages where you enter your password, credit card number, or other financial information, you should always look for the https:// prefix. If you don’t see the “s,” don’t enter any information that you want to keep secure.

For more information, see Privacy in Internet Explorer.

10 New Year’s resolutions for your digital devices and your online life

December 31st, 2013 No comments

It’s a new year, which means it’s time to resolve to create healthier habits in our daily lives. But we don’t have to stop at just improving our body, mind, and spirit. It’s also a good idea to resolve to keep our PCs, laptops, smartphones, and social networking sites healthy this year.

1. Keep your software up to date. You can help protect against viruses, fraud, and more by keeping your operating system, antivirus software, antispyware software, web browser, and other software updated. Microsoft releases security updates on the second Tuesday of every month. Learn how to get security updates automatically.

2. Create strong passwords, keep them secret, and change them regularly. This is particularly important for those passwords that safeguard your computer, important accounts (like email or Facebook), and sensitive information, like financial and health data. Get more information about creating strong passwords and protecting them.

3. Use antivirus software. If your computer is running Windows 8, you can use the built-in Windows Defender to help you detect and get rid of spyware and other malware. If your computer is running Windows 7, Windows Vista, or Windows XP, Windows Defender removes spyware.

4. Check and adjust your privacy settings. You can participate in the online world and keep your information private. Learn more about how to manage your privacy settings in Windows, Internet Explorer, your Microsoft account, Windows Phone, and more. 

Watch a video about privacy in action (1:19).

5. Teach your children about online safety. Before kids use computers, gaming consoles, or mobile devices, make sure you agree on clear limits, talk about how to keep accounts and passwords secret, and help them stand up to online bullying. If your child got a new device this holiday season, read this checklist for safety tips.

6. Monitor your children’s online behaviors, and continue to talk to them about Internet safety. If your kids are online, it’s important to have regular online safety conversations and to continue to keep track of what they’re doing. For more information, see Age-based guidelines for kids’ Internet use.

7. Upgrade to modern software that provides the latest security technologies and protections. Advanced security technologies in modern operating systems are specifically designed to make it more difficult, more complex, more expensive, and therefore, less appealing to cybercriminals to exploit vulnerabilities. Learn more about how support for Windows XP ends this year.

8. Use SkyDrive to help protect your personal information. Ransomware is a type of malware designed to infiltrate your computer and hold your files (photos, documents, reports, etc.) hostage until you pay the demanded amount of money to a cybercriminal. One of the best ways to protect your files is to back them up using a removable drive or a cloud service like SkyDrive.

9. Explore new tools for PC protection. If you feel comfortable performing more advanced computer tasks, consider downloading the free Enhanced Mitigation Experience Toolkit (EMET), which will make it even more difficult for malicious hackers and cybercriminals to get into your computer.

10. Ignore fake tech support phone calls. Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. If you receive a suspicious phone call from someone claiming to be from Microsoft, all you have to do is hang up. For more information, see Avoid tech support phone scams.

 

NORAD Tracks Santa project goes 3D, touch-device optimized with some help from Microsoft

December 3rd, 2013 No comments

The following post is from Roger Capriotti, senior director of product marketing, Microsoft. It was originally published on The Fire Hose.


 The redesigned homepage for NORAD Tracks Santa.

The redesigned homepage for NORAD Tracks Santa.

Every December, the North American Aerospace Defense Command (“NORAD”) serves the important role of ensuring that Santa’s journey around the world is safe. Since 1955, children of all ages have tracked his route with the help of NORAD’s radar, satellites and jet fighters. This year, Microsoft has lent a hand to make the experience the most magical yet, putting a fresh spin on the time-honored tradition with the launch of the new www.NORADSanta.org.

This isn’t the first time Microsoft has worked with NORAD Tracks Santa. Last year, we provided our interactive Bing Maps to give people at home an interactive visual of Santa’s whereabouts on Christmas Eve, which was powered by Windows Azure, as well as apps for Windows and Windows Phone that allowed people a platform to play and learn.

This year, we are raising the bar particularly around the Web experience, which brings holiday cheer to tens of millions of people every year. The Internet Explorer team in particular had a vision for how to fuse the possibilities of the modern Web with the magic of Santa. Inspired by NORAD Tracks Santa’s long history and the Claymation style classic holiday movies, the Internet Explorer team partnered with NORAD to rebuild the Web experience from the ground up.

Santa’s interactive North Pole Village is featured on www.NORADSanta.org

Santa’s interactive North Pole Village is featured on www.NORADSanta.org.

The new online experience is more than just a way to track Santa on Dec. 24. It lets you immerse yourself in the holiday throughout the month of December. With a nostalgic, 3D Claymation look and feel, the new site features a recreation of Santa’s village that you can explore to discover new games daily, music, videos and more. The site is fully touch-enabled, which makes for a truly immersive experience, if you are using a touch device. On Dec. 24, a touch-enabled 3-D globe will light up as Santa begins his journey worldwide. With a modern browser like IE11, you will be able to spin the globe with a swipe of a finger and pinch and zoom to get an in-depth look at Santa’s stops. Bing Maps is at the heart of the journey again. Whether you’re mapping Santa’s route in a browser on a computer or in an app, you’ll see beautiful, high-fidelity images. Bing Maps is the canvas on which Santa’s journey is plotted.

“The Internet Explorer team and everyone at Microsoft have taken the spirit of the holidays that’s central to what we do with NORAD Tracks Santa and helped bring it to today’s modern web and devices,” Stacey Knott, NORAD Tracks Santa Program Manager, told us. “We’re hearing so many fun comments from people who are checking out the new website and apps and love what they see.”

Of course, the magic doesn’t stop there. Many people love to watch Santa’s progress on the site, and call the NORAD hotline to get the latest news straight from the command center. While you can still dial the number from a telephone, voice calling enabled by Skype this year means that with just one click, you and your kids can interact with the NORAD Tracks Santa Command Center to check in on Santa’s status any time you want.

 Santa’s arcade is one of the featured games on the site. New ones are available daily leading up to Christmas.

Santa’s arcade is one of the featured games on the site. New ones are available daily leading up to Christmas.

We’ve also made it easier than ever to track Santa with apps for Windows 8, Windows 8.1 and Windows Phone. The Windows 8 and Windows 8.1 apps will feature live tiles that allow you to track Santa straight from your start screen. And behind the curtain, Windows Azure keeps the whole thing running amidst the incredibly high traffic anticipated for Dec. 24.

This has been quite the journey for us, though it’s nothing compared to the one Santa will make later this December. For a look into NORAD’s history and our work with them, check out our mini-documentary on modernizing the tradition. And, make sure to try your hand at the games unveiled each day and track Santa on Dec. 24 at www.NORADSanta.org.

You might also be interested in:

•    Students: Your school might be able to give you Office 365 at no cost through Microsoft’s new Student Advantage benefit
•    See the most popular Bing searches of 2013
•    Before you hit the mall, download these Windows Phone apps

Download fix for Internet Explorer vulnerability

September 17th, 2013 No comments

We’ve confirmed that cybercriminals are currently targeting a limited number of Internet Explorer customers through trusted websites.

If you’re not running a modern version of Internet Explorer, we recommend upgrading immediately to ensure that you receive the benefit of additional security features that can help prevent successful attacks. We also recommend installing the newly released Fix it (an easy, one-click download to help keep your computer protected), which does not require a reboot. Not sure if you are running a modern version of Internet Explorer? Learn how to check your web browser version

To find tips on how to stay safer online, visit the Microsoft Safety & Security Center.

Addendum: This Fix it was designed for all versions of Internet Explorer. If you have automatic updating turned on, you already received this update as part of our normal updating process on Security Update Tuesday, October 8.

 Learn more about how to get security updates automatically.

Categories: Fix it, Internet Explorer, malware Tags:

Get security updates for July 2013

July 9th, 2013 No comments

Microsoft releases security updates on the second Tuesday of every month.

Skip the details and go to Microsoft Update to download the latest updates.

This bulletin announces the release of security updates for Windows, Internet Explorer, and other programs.

To get more information about security updates and other privacy and security issues delivered to your email inbox, sign up for our newsletter.