Cisco Blogs


Cisco Blog > Threat Research

Microsoft Patch Tuesday for March 2015: 14 Bulletins Released; FREAK Patched

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products.  This month’s release sees a total of 14 bulletins being released which address 45 CVEs.  The first 5 bulletins are rated critical and address vulnerabilities within Internet Explorer, Office, Windows, and VBScript. The remaining 9 bulletins are rated important and cover vulnerabilities within Windows Kernel Mode Drivers, Exchange, Task Scheduler, Remote Desktop, SChannel, and the Microsoft Graphics component. Read More »

Tags: , , , , ,

Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed

Microsoft’s Patch Tuesday for February 2015 has arrived.  This month’s round of security updates is large with Microsoft releasing 9 bulletins addressing 56 CVEs.  3 of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy.  The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager.

Read More »

Tags: , , , , ,

Microsoft Update Tuesday January 2015: Another Light Month, No IE Bulletins, More Changes to Reporting

This post was written by Yves Younan.

Microsoft’s first Update Tuesday of 2015 is pretty light, there’s a total of eight bulletins, all covering a single vulnerability. Seven of these bulletins are rated as important and just one is rated critical. No bulletin for IE is being released this month. Two of the vulnerabilities were publicly disclosed prior to today, while another one was being actively exploited by attackers.

Microsoft made a number of changes to Update Tuesday last month, such as dropping deployment priority in favor of their exploitability index (XI). This month more changes were made to the program: Microsoft is no longer providing their Advance Notification Service (ANS) to the general public, but is instead only providing it to premier customers.

Read More »

Tags: , , , , ,

Microsoft Patch Tuesday for December 2014: Light Month, Some Changes

This post was authored by Yves Younan.

Today, Microsoft is releasing their final Update Tuesday of 2014. Last year, the end of year update was relatively large. This time, it’s relatively light with a total of seven bulletins, covering 24 CVEs. Three of those bulletins are rated critical and four are considered to be important. Microsoft has made a few changes to the way they report their bulletins. Microsoft has dropped the deployment priority (DP) rating, which was very much environment-specific and might not be all that useful for non-default installations. Instead, they are now providing an exploitability index (XI), which ranges from zero to three. With zero denoting active exploitation and three denoting that it’s unlikely that the vulnerability would be exploited. Another change is to more clearly report on how the vulnerability was disclosed: was Microsoft notified via coordinated vulnerability disclosure or was the vulnerability publicly known before being released? Read More »

Tags: , , , , ,

Microsoft Update Tuesday November 2014: Fixes for 3 0-day Vulnerabilities

This month Microsoft is releasing 14 security bulletins. Originally they had planned to release 16, but due to issues that emerged in late testing, two bulletins that were announced in the Advance Security Notification, MS14-068 and MS14-075, have been postponed. Of the 14 bulletins, four are considered critical, eight are important, while two are moderate. They cover a total of 33 CVEs.

Read More »

Tags: , , , , ,