Archive

Archive for the ‘OOB’ Category

Security Bulletin MS14-068 released

November 20th, 2014 No comments

Today, we released an out-of-band security update to address a vulnerability in Kerberos which could allow Elevation of Privilege. This update is for all supported versions of Windows Server and includes a defense-in-depth update for all supported versions of Windows.

We strongly encourage customers to apply this update as soon as possible by following the directions in Security Bulletin MS14-068.

Tracey Pretorius, Director
Response Communications

Categories: OOB, Security Bulletin, Windows Tags:

Security Bulletin MS14-068 released

November 20th, 2014 No comments

Today, we released an out-of-band security update to address a vulnerability in Kerberos which could allow Elevation of Privilege. This update is for all supported versions of Windows Server and includes a defense-in-depth update for all supported versions of Windows.

We strongly encourage customers to apply this update as soon as possible by following the directions in Security Bulletin MS14-068.

Tracey Pretorius, Director
Response Communications

Categories: OOB, Security Bulletin, Windows Tags:

Out-of-band release for Security Bulletin MS14-068

November 18th, 2014 No comments

On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows.

We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.

More information about this bulletin can be found at Microsoft’s Advance Notification Service page.

Tracey Pretorius, Director
Response Communications

Categories: OOB, Security Bulletin, Windows Tags:

Out-of-band release for Security Bulletin MS14-068

November 18th, 2014 No comments

On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows.

We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin.

More information about this bulletin can be found at Microsoft’s Bulletin Summary page.

Tracey Pretorius, Director
Response Communications

Categories: OOB, Security Bulletin, Windows Tags:

Security Bulletin MS14-045 rereleased

August 27th, 2014 No comments

Every month for many years, we’ve released a number of updates focused on the continuous improvement of customers’ experiences with our technology. Historically, these updates happened at different times during the month, with the security-specific ones occurring on the second Tuesday of each month. Recently, to further streamline, we decided to include more of our non-security updates together with our security updates and begin the global release to customers on the second Tuesday of each month.

This month we had our first roll out with additional non-security updates. A small number of customers experienced problems with a few of the updates. As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these unavailable to download. We then began working on a plan to rerelease the affected updates.

Today, we rereleased Security Bulletin MS14-045 to address kernel-mode driver issues, which you can learn more about through a review of the information contained here.

We encourage customers to install the security update as soon as possible. Customers with automatic updates enabled do not need to take any action. If you don’t have Windows Update enabled, we encourage you to do so now. If you’re not sure whether you’ve enabled Windows Update, you can check here. For organizations, your IT Group, the team or person administering the network, would be the best place to check.

Tracey Pretorius, Director
Microsoft Trustworthy Computing

UPDATE September 2, 2014: Today, we rereleased the August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.

Customers with Windows Updates enabled, and who have selected to receive optional updates automatically, do not need to take any action. Customers who have not selected to receive optional updates automatically, will need to go to Windows Update to install it.

For more information on this release, please visit the Windows blog.

Security Bulletin MS14-045 rereleased

August 27th, 2014 No comments

Every month for many years, we’ve released a number of updates focused on the continuous improvement of customers’ experiences with our technology. Historically, these updates happened at different times during the month, with the security-specific ones occurring on the second Tuesday of each month. Recently, to further streamline, we decided to include more of our non-security updates together with our security updates and begin the global release to customers on the second Tuesday of each month.

This month we had our first roll out with additional non-security updates. A small number of customers experienced problems with a few of the updates. As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these unavailable to download. We then began working on a plan to rerelease the affected updates.

Today, we rereleased Security Bulletin MS14-045 to address kernel-mode driver issues, which you can learn more about through a review of the information contained here.

We encourage customers to install the security update as soon as possible. Customers with automatic updates enabled do not need to take any action. If you don’t have Windows Update enabled, we encourage you to do so now. If you’re not sure whether you’ve enabled Windows Update, you can check here. For organizations, your IT Group, the team or person administering the network, would be the best place to check.

Tracey Pretorius, Director
Microsoft Trustworthy Computing

UPDATE September 2, 2014: Today, we rereleased the August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.

Customers with Windows Updates enabled, and who have selected to receive optional updates automatically, do not need to take any action. Customers who have not selected to receive optional updates automatically, will need to go to Windows Update to install it.

For more information on this release, please visit the Windows blog.

Out-of-Band Release to Address Microsoft Security Advisory 2963983

At approximately 10 a.m. PDT, we will release an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This update is fully tested and ready for release for all affected versions of the browser.

The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. If you’re unsure if you have automatic updates, or you haven’t enabled Automatic Update, now is the time. 

For those manually updating, we strongly encourage you to apply this update as quickly as possible following the directions in the released security bulletin.

We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.

Please join us tomorrow at 11 a.m. PDT for a webcast where we will present information on the bulletin.

Registration information:

Date: Friday, May 2, 2014
Time: 11:00 a.m. PDT
Registration:
https://msevents.microsoft.com/CUI/InviteOnly.aspx?EventID=7F-7C-CD-0D-1D-9F-4D-AC-46-22-BC-40-40-E8-D9-93

More information about the upcoming security bulletin can be found at Microsoft’s Advance Notification Service (ANS) webpage.You can also stay apprised of the MSRC team’s recent activities by following us on Twitter at @MSFTSecResponse

Thank you,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Security Update Released to Address Recent Internet Explorer Vulnerability

Today, we released a security update to address the Internet Explorer (IE) vulnerability first described in Security Advisory 2963983. This security update addresses every version of Internet Explorer.

While we’ve seen only a limited number of targeted attacks, customers are advised to install this update promptly. The majority of our customers have automatic updates enabled and so will not need to take any action as protections will be downloaded and installed automatically. If you’re unsure if you have automatic updates, or you haven’t enabled Automatic Update, now is the time. 

For those manually updating, we strongly encourage you to apply this update as quickly as possible, following the directions in the released security bulletin.

We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11. You can find more information on the Microsoft Security Bulletin summary webpage.

We invite you to join Jonathan Ness and myself for a live webcast at 11 a.m. PDT tomorrow, where we’ll provide a detailed review of the bulletin. You can register here.

*Updated 5/2/2014 – The 11 a.m. webcast has reached capacity, so a second webcast has been scheduled for 2 p.m. on Friday, May 2. Details on registration can be found here.

For more information, please see the Microsoft News blog.

Dustin Childs
Group Manager, Response Communications
Trustworthy Computing

January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

January 15th, 2013 No comments

Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript.

 

We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February bulletin release and answer questions live on the air.

 

Customers can register to attend at the link below:

Date: Wednesday, February 13, 2013
Time: 11:00 a.m. PST (UTC -8)
Register:
Attendee Registration

 

 

Thanks,

Dustin Childs
Group Manager, Trustworthy Computing

MS13-008 Released for Security Advisory 2794220

January 14th, 2013 No comments

Today, we released MS13-008 to address the issue described in Security Advisory 2794220. We’ve seen only a limited number of attacks through an issue in Internet Explorer 6-8, but the potential exists that more customers could be affected. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we strongly encourage you to apply this update as quickly as possible. As always, we recommend upgrading to Internet Explorer 9-10, as they are not impacted by this issue.

As we discussed in the ANS blog post, if you previously applied the Fix it offered through the advisory, you do not need to uninstall it before applying the security update released today. However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system.

Please watch the video below for an overview of this security update, and you can find more information on the Microsoft Security Bulletin summary webpage.

We also invite you to join Jonathan Ness and myself for a live webcast at 1 p.m. PST today, where we’ll provide a detailed review of the bulletin and answer your questions in real-time. You can register here. I look forward to chatting with you then.

Thanks,

Dustin Childs
Group Manager
Trustworthy Computing

 

Advance Notification for Update to Address Security Advisory 2794220

January 13th, 2013 No comments

Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future.  The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not affected by this issue and as always, we encourage customers to upgrade to the latest browser version.

We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action.  If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update.

We will be holding a special, live webcast, during which we’ll take your questions regarding this update, on Monday, January 14 at 1 p.m. PST. Click here to register.

For all the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

Thanks,

Dustin Childs
Group Manager
Trustworthy Computing

September 2012 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

September 24th, 2012 No comments

Hello.

Today we’re publishing the September 2012 Security Bulletin Out-of-Band Webcast Questions & Answers page. During the webcast, we fielded 19 questions. Those were focused on MS12-063, the out-of-band cumulative release for Internet Explorer, and Security Advisory 2755801, which involves an issue with the Adobe Flash Player implementation for Internet Explorer 10. All questions are included on the Q&A page.

Thanks,

Yunsun Wee
Director, Trustworthy Computing

Internet Explorer Fix it available now; Security Update scheduled for Friday

September 19th, 2012 No comments

Earlier this week, an issue impacting Internet Explorer affected a small number of customers.  The potential exists, however, that more customers could be affected.  As a result, today we have released a Fix it that is available to address that issue.  This is an easy, one-click solution that will help protect your computer right away.  It will not affect your ability to browse the web, and it does not require a reboot of your computer.

Then, on this Friday, Sept. 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels.  We recommend that you install this update as soon as it is available. If you have automatic updates enabled on our PC, you won’t need to take any action – it will automatically be updated on your machine.  This will not only reinforce the issue that the Fix It addressed, but cover other issues as well.

Today’s Advance Notification Service (ANS) provides additional details about the update we are releasing on Friday – MS12-063. We are planning to release this bulletin as close to 10 a.m. PDT as possible. This cumulative update for Internet Explorer has an aggregate severity rating of Critical. It addresses the publicly disclosed issue described in Security Advisory 2757760 as well as four other Critical-class remote code execution issues.

We will also hold a special live webcast, during which we’ll take your questions above everything we release on Friday, Sept. 21 at 12 p.m. PDT. Click here to register.

Thanks –

Yunsun Wee
Director, Trustworthy Computing.

Advanced Notification for out-of-band release to address Security Advisory 2659883

December 29th, 2011 No comments

Hello,

Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST.

The bulletin has a severity rating of Critical and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. While we’re currently unaware of any attacks targeting ASP.NET, we encourage all customers to test and deploy the update when it is available.

We will also hold a special edition webcast on Thursday, December 29 at 1 p.m. PST. Click here to register.

For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.

 

Thanks,

Dave Forstrom

Director

Microsoft Trustworthy Computing

Categories: ANS, OOB, Security Advisory Tags: