Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript.
We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February bulletin release and answer questions live on the air.
Customers can register to attend at the link below:
Date: Wednesday, February 13, 2013
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration
Thanks,
Dustin Childs
Group Manager, Trustworthy Computing
Today, we released MS13-008 to address the issue described in Security Advisory 2794220. We’ve seen only a limited number of attacks through an issue in Internet Explorer 6-8, but the potential exists that more customers could be affected. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we strongly encourage you to apply this update as quickly as possible. As always, we recommend upgrading to Internet Explorer 9-10, as they are not impacted by this issue.
As we discussed in the ANS blog post, if you previously applied the Fix it offered through the advisory, you do not need to uninstall it before applying the security update released today. However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system.
Please watch the video below for an overview of this security update, and you can find more information on the Microsoft Security Bulletin summary webpage.
We also invite you to join Jonathan Ness and myself for a live webcast at 1 p.m. PST today, where we’ll provide a detailed review of the bulletin and answer your questions in real-time. You can register here. I look forward to chatting with you then.
Thanks,
Dustin Childs
Group Manager
Trustworthy Computing
Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future. The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not affected by this issue and as always, we encourage customers to upgrade to the latest browser version.
We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action. If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update.
We will be holding a special, live webcast, during which we’ll take your questions regarding this update, on Monday, January 14 at 1 p.m. PST. Click here to register.
For all the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.
Thanks,
Dustin Childs
Group Manager
Trustworthy Computing
Hello.
Today we’re publishing the September 2012 Security Bulletin Out-of-Band Webcast Questions & Answers page. During the webcast, we fielded 19 questions. Those were focused on MS12-063, the out-of-band cumulative release for Internet Explorer, and Security Advisory 2755801, which involves an issue with the Adobe Flash Player implementation for Internet Explorer 10. All questions are included on the Q&A page.
Thanks,
Yunsun Wee
Director, Trustworthy Computing
Earlier this week, an issue impacting Internet Explorer affected a small number of customers. The potential exists, however, that more customers could be affected. As a result, today we have released a Fix it that is available to address that issue. This is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer.
Then, on this Friday, Sept. 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels. We recommend that you install this update as soon as it is available. If you have automatic updates enabled on our PC, you won’t need to take any action – it will automatically be updated on your machine. This will not only reinforce the issue that the Fix It addressed, but cover other issues as well.
Today’s Advance Notification Service (ANS) provides additional details about the update we are releasing on Friday – MS12-063. We are planning to release this bulletin as close to 10 a.m. PDT as possible. This cumulative update for Internet Explorer has an aggregate severity rating of Critical. It addresses the publicly disclosed issue described in Security Advisory 2757760 as well as four other Critical-class remote code execution issues.
We will also hold a special live webcast, during which we’ll take your questions above everything we release on Friday, Sept. 21 at 12 p.m. PDT. Click here to register.
Thanks –
Yunsun Wee
Director, Trustworthy Computing.
Hello,
Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST.
The bulletin has a severity rating of Critical and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. While we’re currently unaware of any attacks targeting ASP.NET, we encourage all customers to test and deploy the update when it is available.
We will also hold a special edition webcast on Thursday, December 29 at 1 p.m. PST. Click here to register.
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
Thanks,
Dave Forstrom
Director
Microsoft Trustworthy Computing
