Microsoft Security Updates for December 2014

Microsoft will be issuing seven security bulletins on Tuesday, December 9. Three are rated critical.

The affected systems are Exchange, Windows, Internet Explorer, and all versions of Office, including Office for Mac. The Internet Explorer update affects all supported versions of IE, including the latest, IE 11. Some updates will require restarting your computer after installation.

The total number of updates from Microsoft will be 84 this year, with just 29 rated critical, which is an improvement over the past two years.

The updates will be available through the normal Windows Update process.

Read the full story in the news.

Security Updates from Microsoft for May 2014

This week on Tuesday, May 13, Microsoft is releasing eight new security bulletins. Two of the bulletins are rated critical. Microsoft systems that will be affected:

  • Microsoft Windows (all current operating systems and servers)
  • Internet Explorer (all supported versions)
  • Microsoft Office (Windows versions only)

Four of the bulletins address flaws in Windows 8.1. To automatically receive the updates, users must apply the Windows 8.1 Update. MIT WAUS subscribers will receive the updates after they have been tested for compatibility within the MIT computing environment.

This week’s updates do not include the out-of-band bulletin MS14-021, which was released on May 1, 2014. The Internet Explorer update being released on May 13 contains another critical patch for the browser.

This month’s bulletins do not include updates for Windows XP or Office 2003, as both are now retired and unsupported.

Windows XP Final Fixes Released

Today’s security updates from Microsoft include a final fix for Windows XP and Office 2003. Today marks the end of an era. Windows XP was first rolled out in 2001 and was the most widely adopted operating system.

As users migrate to the newer operating systems, there will still be some organizations and individuals who run older systems and can’t yet upgrade. As a result, organizations will continue to struggle with left-over Windows XP boxes on their networks, leaving them open to vulnerabilities and exploits. The market for exploits will therefore remain into the foreseeable future and it is recommended to keep network-based intrusion prevention solutions tuned to blocking exploits, even those against Windows XP.

If you must run a Windows XP-based system, disconnect it from the Internet. Keep in mind that not only will Windows XP be retired, but all the software running on that system, such as Internet Explorer and Word 2003, will no longer be updated for Windows XP. Run up-to-date anti-virus software.

If you are still running Windows XP and want to figure out what to do now, this article has some helpful tips for the current Windows XP user.

January 2014 Security Updates from Microsoft




On Tuesday, January 14, Microsoft is releasing four new security bulletins. None of the bulletins are critical. Microsoft systems affected are:

  • Office
  • Server Software
  • Windows
  • Dynamics AX

It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility in the MIT environment. Installing the bulletins manually may require a restart.

Despite the light load, the patches do address a zero-day vulnerability in Windows XP and Windows Server 2003 that was made public in early November. Attackers were actively exploiting the flaw in the NDProxy driver, which manages Microsoft’s Telephony API on XP, via infected PDF attachments. The exploits only work in combination with an Adobe Reader vulnerability that has since been patched. Microsoft will end support for Windows XP in April 2014.

Microsoft Security Updates for October 2012

Today, October 9, Microsoft will release seven security bulletins to address twenty vulnerabilities. One of the bulletins has the severity rating of critical, the other six are rated important. The updates will affect:

  • Microsoft Office
  • Microsoft Server Software
  • Microsoft Windows
  • Microsoft Lync
  • Microsoft SQL Server

None of the patches this month address vulnerabilities being exploited in the wild; all were privately reported vulnerabilities. The Office vulnerability could affect both Mac OS X and Windows users.

Microsoft will also be issuing an update that will deprecate the use of certificates with keys shorter than 1024 bits. Customers may encounter issues if their organization still has legacy certificates in production.

Microsoft has released a separate advisory alerting customers to compatibility issues affecting signed Microsoft binaries. The issue involves specific digital certificates that were generated by Microsoft without proper timestamp attributes. To address this issue, Microsoft is providing non-security updates (some of them re-releases) for supported releases of Microsoft Windows. The updates help to ensure compatibility between Microsoft Windows and affected software binaries.

Microsoft Security Updates for September 2011

On Tuesday of last week, Microsoft released multiple patches to fix vulnerabilities in the following systems:

  • Microsoft Windows
  • Microsoft Office
  • Microsoft Server Software

Microsoft published five bulletins categorized as “important” to close 15 holes. Most of the bulletins fix vulnerabilities in Microsoft Office, which attackers can use to inject malicious code and escalate privileges. A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. The Windows Malicious Software Removal Tool also received current virus signatures. It is recommended to take the patches as they become available. The updates were released by MIT WAUS last week.

Microsoft Security Bulletin Summary.

November 2010 Microsoft Security Updates

Microsoft will issue three security bulletins on Tuesday, November 9. One of the bulletins is rated critical; the other two are rated important. The bulletins will address a total of 11 vulnerabilities.

Systems affected:

  • Microsoft Office for Windows XP SP3 through Office 2010
  • Microsoft Office for Mac 2011
  • Microsoft Forefront Unified Access Gateway

No word has been released on patching the zero-day hole in Internet Explorer 6, 7 and 8 that was announced last week and has been used in targeted attacks. Those who have not done so are urged to upgrade to IE 8, which includes Data Execution Prevention (DEP) technology that makes the flaw harder to exploit.