Security Bulletin

Over the years, our customers have come to expect a certain regularity and transparency in both our security updates and the guidance that goes with them. One regular piece of communication about our work is a yearly progress report, which provides a...

With about one week to go before we all gather at Black Hat in Las Vegas, we’re getting inquiries about precisely how the promised Live Mitigation Bypass Bounty judging at Black Hat will work. For most of the world, it works best when you get a good...

We’re three weeks into our new world of bounties for Microsoft products now, and as the clock ticks down on one program, we’re prepping for some live excitement with one of the others. First, the Internet Explorer 11 Preview Bounty is entering its...

Today we’re publishing the July 2013 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 10 questions covering all updates. All questions are included on the Q&A page. We invite our customers to join us for the next...

Over the weekend we received a report from our partners about a possible unpatched Internet Explorer vulnerability being exploited in the wild. The exploit code uses a memory corruption bug triggered from a webpage but it deeply leverages a Flash SWF...

When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of...

There are those I’ve met who think my life is something akin to the classic comedy Groundhog Day. No, I don’t wake up to the musical stylings of Sonny and Cher each morning, but month after month after month, the second Tuesday rolls around and I’m...

Today we’re providing advance notification for the release of seven bulletins, six Critical and one Important, for July 2013. The Critical bulletins address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+...

Over the years, we’ve put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our...

Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page. We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler (MS13-050), Microsoft Office (MS13-051), and...

It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year*- _and I’ve dealt with some...

Today we’re providing Advance Notification of five bulletins for release on Tuesday, June 11, 2013. This release brings one Critical- and four Important-class bulletins. The Critical-rated bulletin addresses issues in Internet Explorer, and the...