Jump to content

Recommended Posts

  • FPCH Admin
Posted

Today, as part of Update Tuesday, we released nine security updates – two rated Critical and seven rated Important – to address 37 Common Vulnerabilities & Exposures (CVEs) in SQL Server, OneNote, SharePoint, .NET, Windows and Internet Explorer (IE). We encourage you to apply all of these updates, but for those who need to prioritize their deployment planning, we recommend focusing on the Critical updates first.

 

Here’s an overview slide and video of the security updates released today:

 

d068b7dc6f50a74cffdd084151be4aed.jpg

 

 

 

 

Microsoft also revised Security Advisory 2755801: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer.

 

For more information about this month’s security updates, including the detailed view of the Exploit Index broken down by each CVE, visit the Microsoft Bulletin Summary Web page. If you are not familiar with how we calculate the Exploitability Index (XI), a full description is found here.

 

You may notice a revision in the XI this month, which aims to better characterize the actual risk to a customer on the day the security update is released. Customers will see new wording for the rating, including a new rating of “0” for “Exploitation Detected.” More information about XI can be found here: http://technet.microsoft.com/en-us/security/cc998259.aspx.

 

Last week, Microsoft announced some other news that relates to Update Tuesday:

 

  • On August 5, Windows published a Windows blog post discussing its non-security update strategy moving forward, which is now on a monthly cadence as part of Update Tuesday.
  • On August 6, IE announced in its IE Blog that it would begin blocking out-of-date ActiveX controls. This feature will be part of the August IE Cumulative Security Update, but no out-of-date ActiveX controls will be blocked for 30 days in order to give customers time to test and manage their environments.
  • On August 7, .NET and IE announced that Microsoft will support only the most recent versions of .NET and IE for each supported operating system.

 

Jonathan Ness and I will host the monthly bulletin webcast, scheduled for Wednesday, August 13, 2014, at 11 a.m. PDT.

 

For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.

 

Thanks,

 

Dustin Childs

 

Group Manager, Response Communications

Microsoft Trustworthy Computing

 

 

Continue reading...

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...