Today we released MS12-060, addressing a potential remote code execution vulnerability in MSCOMCTL.OCX, the binary included with a number of Microsoft products to provide a set of common ActiveX controls.
Limited, targeted attacks exploiting CVE-2012-1…
We released security update MS12-054 to address four privately reported issues in Windows networking components failing to properly handle malformed Remote Administration Protocol (RAP) responses. The most severe of these issues, CVE-2012-1851, is a fo…
Today we released nine security bulletins addressing 26 CVE’s (13 Microsoft and 13 Oracle CVE’s). Five of the bulletins have a maximum severity rating of Critical and the other four have a maximum severity rating of Important. We hope that the table be…
Now that we have announced the winners of the first BlueHat Prize competition, we wanted to provide some technical details on the top entries and explain how we evaluated their submissions. Speaking on behalf of the judges, it was great to see people t…
Vulnerabilities in on-line services, like cross-site scripting, cross-site request forgery, or even information disclosure, are important areas of focus for the Microsoft Security Response Center (MSRC). Over the last few years Microsoft has developed …
Last year at Black Hat Las Vegas, we announced the BlueHat Prize contest – a large cash prize awarded for defensive security research. One month ago, we announced the names of three finalists. On Thursday night shortly after 10 PM, at the Microsoft Res…
Today we released Security Advisory 2737111 to describe the way in which vulnerabilities in Oracle’s Outside In technology impact the document preview functionality of Microsoft Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint. …
Today Microsoft provided nine bulletin updates, as described in July’s Security Bulletin Summary. This post is going to focus on the first of the issues described in the above summary – Vulnerability in Microsoft XML Core Services Could Allow Remote Co…
Over the past several months, Microsoft has made changes both to our own internal PKI practices and to the Windows Update channel (client-side and server-side) PKI handling. You’ve likely already read about those changes on the MSRC blog, the Microsoft…
Today we released nine security bulletins addressing 16 CVE’s. Three of the bulletins have a maximum severity rating of Critical and the other six have a maximum severity rating of Important. We hope that the table below helps you prioritize the deploy…
