Archive

Archive for the ‘Killbit’ Category

MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

November 15th, 2013 No comments

Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest.

We’ve discussed the Microsoft Baseline Security Analyzer (MBSA) tool in this and many other webcasts, and I’m happy to report version 2.3 is now available. This new version adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. However, Windows 2000 systems will no longer be supported by MBSA. If you aren’t familiar with the tool or would just like to know more about it, we encourage you to read the FAQ found on the Security TechCenter. Thanks also go out to everyone who participated in the public preview leading up to this release.

We invite you to join us for the next scheduled webcast on Wednesday, December 11, 2013, at 11 a.m. PST (UTC -8), when we will go into detail about the December bulletin release and answer your bulletin deployment questions live on the air.

You can register to attend the webcast at the link below:

Date: Wednesday, December 11, 2013
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

 

 

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

November 15th, 2013 No comments

Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest.

We’ve discussed the Microsoft Baseline Security Analyzer (MBSA) tool in this and many other webcasts, and I’m happy to report version 2.3 is now available. This new version adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. However, Windows 2000 systems will no longer be supported by MBSA. If you aren’t familiar with the tool or would just like to know more about it, we encourage you to read the FAQ found on the Security TechCenter. Thanks also go out to everyone who participated in the public preview leading up to this release.

We invite you to join us for the next scheduled webcast on Wednesday, December 11, 2013, at 11 a.m. PST (UTC -8), when we will go into detail about the December bulletin release and answer your bulletin deployment questions live on the air.

You can register to attend the webcast at the link below:

Date: Wednesday, December 11, 2013
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

 

 

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

May 2013 Security Bulletin Webcast, Q&A, and Slide Deck

May 17th, 2013 No comments

For those who couldn’t attend the live webcast, today we’re publishing the May 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer (MS13-037 and MS13-038) and Visio (MS13-044). 

We invite our customers to join us for the next public webcast on Wednesday, June 12, 2013, at 11 a.m. PDT (UTC -7), when we will go into detail about the June bulletin release and answer questions live on the air.

Customers can register to attend the webcast at the link below:

Date: Wednesday, June 12, 2013
Time: 11:00 a.m. PDT (UTC -7)
Register:
Attendee Registration

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

The December bulletins are released

December 13th, 2011 No comments

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing 13 security bulletins, three of which are rated Critical in severity, and 10 Important.

These bulletins will increase protection by addressing 19 unique vulnerabilities in Microsoft products. Customers should plan to install all of these updates as soon as possible. For those who must prioritize deployment, we recommend focusing first on these critical updates:

  • MS11-092 – Windows Media: Vulnerability In Windows Media Could Allow Remote Code Execution
  • MS11-087 – Windows: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

Why 13 bulletins and not 14, as we stated in the ANS announcement on Thursday? After that announcement, we discovered an apps-compatibility issue between one bulletin-candidate and a major third-party vendor. We’re currently working with that vendor to address the issue on their platform, after which we’ll issue the bulletin as appropriate. As ever, we’d much rather withdraw a potential bulletin than ship something that might inconvenience customers, however limited that inconvenience in scope. The issue addressed in that bulletin, which we have been monitoring and against which we have seen no active attacks in the wild, was discussed in Security Advisory 2588513.

In the video below, Jerry Bryant discusses this month’s bulletins in further detail.

As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning (click for larger view).

Deployment Priority

Our risk and impact graph shows an aggregate view of this month’s severity and exploitability index (click for larger view).

Exploitability Index

You can find more information about this month’s security updates on the Microsoft Security Bulletin Summary web page.

Per our usual process, we’ll offer the monthly technical webcast on Wednesday, hosted by Jerry Bryant and Jonathan Ness. I invite you to tune in and learn more about the December security bulletins, as well as other announcements made today. The webcast is scheduled for Wednesday, December 14, 2011 at 11 A.M. PST. Click here to register.

Thanks,
Angela Gunn
Trustworthy Computing.