Cisco Blogs


Cisco Blog > Threat Research

Microsoft Patch Tuesday for April 2015: 11 Bulletins Released

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products.  This month’s release sees a total of 11 bulletins being released which address 26 CVEs.  The first 4 bulletins are rated Critical and address vulnerabilities within Internet Explorer, Office, IIS, and Graphics Component. The remaining 7 bulletins are rated Important and cover vulnerabilities within SharePoint, Task Scheduler, Windows, XML Core Services, Active Directory, .NET, and Hyper-V. Read More »

Tags: , , , , ,

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products.  This month’s release sees a total of 14 bulletins being released which address 45 CVEs.  The first 5 bulletins are rated critical and address vulnerabilities within Internet Explorer, Office, Windows, and VBScript. The remaining 9 bulletins are rated important and cover vulnerabilities within Windows Kernel Mode Drivers, Exchange, Task Scheduler, Remote Desktop, SChannel, and the Microsoft Graphics component. Read More »

Tags: , , , , ,

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed

Microsoft’s Patch Tuesday for February 2015 has arrived.  This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs.  3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy.  The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager.

Read More »

Tags: , , , , ,

Microsoft Update Tuesday January 2015: Another Light Month, No IE Bulletins, More Changes to Reporting

This post was written by Yves Younan.

Microsoft’s first Update Tuesday of 2015 is pretty light, there’s a total of eight bulletins, all covering a single vulnerability. Seven of these bulletins are rated as important and just one is rated critical. No bulletin for IE is being released this month. Two of the vulnerabilities were publicly disclosed prior to today, while another one was being actively exploited by attackers.

Microsoft made a number of changes to Update Tuesday last month, such as dropping deployment priority in favor of their exploitability index (XI). This month more changes were made to the program: Microsoft is no longer providing their Advance Notification Service (ANS) to the general public, but is instead only providing it to premier customers.

Read More »

Tags: , , , , ,

Microsoft Patch Tuesday for December 2014: Light Month, Some Changes

This post was authored by Yves Younan.

Today, Microsoft is releasing their final Update Tuesday of 2014. Last year, the end of year update was relatively large. This time, it’s relatively light with a total of seven bulletins, covering 24 CVEs. Three of those bulletins are rated critical and four are considered to be important. Microsoft has made a few changes to the way they report their bulletins. Microsoft has dropped the deployment priority (DP) rating, which was very much environment-specific and might not be all that useful for non-default installations. Instead, they are now providing an exploitability index (XI), which ranges from zero to three. With zero denoting active exploitation and three denoting that it’s unlikely that the vulnerability would be exploited. Another change is to more clearly report on how the vulnerability was disclosed: was Microsoft notified via coordinated vulnerability disclosure or was the vulnerability publicly known before being released? Read More »

Tags: , , , , ,