Announcements (US/Global English)
Learn about Microsoft's approach to privacy in the cloud
Based on the past decade of experience examining and addressing privacy challenges in the evolving online services realm, this new "Privacy in the Cloud Computing Era" paper discusses how Microsoft is approaching privacy as it relates to cloud computing, and describes how the underlying privacy principles provide a solid foundation for addressing evolving privacy issues.
Thursday, Nov 5
New research indicates a significant resurgence in worm attacks
Review the latest Security Intelligence Report (SIRv7) to gain an accurate and comprehensive understanding of recent top trends in online threats. In this volume, you’ll find deeper analysis and recommendations based on data input from over 450 million computers worldwide to help you successfully plan and manage protection technologies.
Monday, Nov 2
Read the SDL Return On Investment whitepaper
Understand and communicate the benefits of a software security program and how it can help minimize ongoing security-related maintenance costs while providing customers with a better security experience.
Monday, Nov 2
Highlights
Security Highlights
Security Notifications: A Comprehensive List of Recent Bulletins, Advisories and Alerts
Microsoft Security Bulletin Summary for October 2009
Revision Note: V3.1 (November 4, 2009): Removed erroneous references to Microsoft Office Visio Viewer 2007 as affected software in MS09-060 and MS09-062.
Summary: This bulletin summary lists security bulletins released for October 2009.
Wednesday, Nov 4
MS09-062 - Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) - Version: 2.1
Severity Rating: Critical
Revision Note: V2.1 (November 4, 2009): Removed erroneous references to Microsoft Office Visio Viewer 2007 as affected software; corrected the setup switches for Microsoft .NET Framework 1.1 and Microsoft .NET Framework 2.0; clarified the entry, "If I have an installation of SQL Server, how am I affected?" in the FAQ section; and corrected the removal information for Microsoft Windows 2000.
Summary: This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Wednesday, Nov 4
MS09-061 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) - Version: 1.2
Severity Rating: Critical
Revision Note: V1.2 (November 4, 2009): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to explain this revision. Customers who have successfully installed this update do not need to reinstall.
Summary: This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing it, as could be the case in a Web hosting scenario. Microsoft .NET applications, Silverlight applications, XBAPs and ASP.NET pages that are not malicious are not at risk of being compromised because of this vulnerability.
Wednesday, Nov 4
MS09-055 - Critical: Cumulative Security Update of ActiveX Kill Bits (973525) - Version: 1.2
Severity Rating: Critical
Revision Note: V1.2 (November 4, 2009): Added three entries in Frequently Asked Questions (FAQ) Related to This Security Update to explain user options for Visio Viewer 2007 and MS09-060. Also corrected the dll name for Visio Viewer in the FAQ for CVE-2009-2493.
Summary: This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability, which affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL), could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Wednesday, Nov 4
MS09-044 - Critical: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) - Version: 2.1
Severity Rating: Critical
Revision Note: V2.1 (November 4, 2009): Added a new known issues entry to the Frequently Asked Questions (FAQ) Related to This Security Update section.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Wednesday, Nov 4
MS09-054 - Critical: Cumulative Security Update for Internet Explorer (974455) - Version: 2.0
Severity Rating: Critical
Revision Note: V2.0 (November 2, 2009): Revised to announce the availability of a hotfix to address application compatibility issues. Customers who have already applied this update may install the hotfix from Microsoft Knowledge Base Article 976749. Also corrected the log file names, spuninst folder names, and registry key values for Microsoft Windows 2000.
Summary: This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentation Foundation (WPF) plug-in and do not have it disabled should also apply this security update. For more information regarding this issue, please see the FAQ section for HTML Component Handling Vulnerability – CVE-2009-2529.
Monday, Nov 2
MS09-052 - Critical: Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) - Version: 1.1
Severity Rating: Critical
Revision Note: V1.1 (October 29, 2009): Removed a workaround. Also added an entry in the section, Frequently Asked Questions (FAQ) Related to This Security Update, to clarify why some customers without Windows Media Player 6.4 on their systems may be offered this update.
Summary: This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Microsoft Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Thursday, Oct 29