Microsoft Security Advisories
Microsoft Security Advisories, a supplement to the Microsoft Security Bulletins, address security changes that may not require a security bulletin but that may still affect customers' overall security.
Microsoft Security Advisories are a way for Microsoft to communicate security information to customers about issues that may not be classified as vulnerabilities and may not require a security bulletin. Each advisory is accompanied with a unique Microsoft Knowledge Base Article number for reference to provide additional information about the changes.
Some examples of topics that security advisories discuss include the following:
- "Defense in Depth" security enhancements or changes that are unrelated to security vulnerabilities
- Guidance and mitigations that may be applicable for publicly disclosed vulnerabilities
Microsoft is committed to providing timely and prescriptive guidance. We encourage customers to provide feedback by completing the form at the Customer Service Contact Us page.
Available Notifications
Last 5 Published or Updated Security Advisories:
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
Published or Last Updated: Tuesday, August 27, 2013
Updates to Improve Cryptography and Digital Certificate Handling in Windows
Published or Last Updated: Tuesday, August 27, 2013
Updates to Improve Remote Desktop Protocol Network-level Authentication
Published or Last Updated: Tuesday, August 13, 2013
Wireless PEAP-MS-CHAPv2 Authentication Could Allow Information Disclosure
Published or Last Updated: Sunday, August 04, 2013
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
Published or Last Updated: Tuesday, July 09, 2013
For the entire list of published Security Advisories, visit the Security Advisory Archive page. To learn about security vulnerabilities that Microsoft discovered in third-party products, visit the Microsoft Vulnerability Research Advisories page.
Get the Updates from Microsoft Updates
Get less technical detail from the Safety and Security Center for consumers, or download the updates from Microsoft Update.
Frequently Asked Questions
Q.<p>What kind of information will security advisories contain?</p>
A.Security advisories contain a top-level summary that details the reason for issuing the advisory, frequently asked questions and suggested actions. Once issued, advisories may be revised as required to reflect new information or guidance.
Q.<p>How are security advisories different from security bulletins?</p>
A.<p>Microsoft Security Bulletins provide information and guidance about updates that are available to address software vulnerabilities that may exist in Microsoft products. With each security bulletin that is released, there is an associated software update available for the affected product. Microsoft Security Advisories are meant to give customers detailed information and guidance on a variety of security-related issues that may not be specifically tied to a software update. For example, an advisory may detail Microsoft software updates that might not address a security vulnerability in the software, but that may introduce changes to the behavior of the product or that introduce new functionality designed to help protect customers from attack.</p>
Q.<p>Could a se<span>cu</span>rity advisory become a security bulletin?</p>
A.<p>In cases where we have issued a security advisory to provide guidance on a publicly disclosed vulnerability, once an update was developed to address that software vulnerability we may update the security advisory to reflect the availability of the security bulletin and point customers to that security bulletin for more information.</p>
Q.<p>Will every security advisory become a security bulletin?</p>
A.<p>No. A security advisory may be updated to point to a security bulletin in cases where a security update has been released to address a vulnerability described in the security advisory.</p>
A.<p>Yes. A <a href="http://www.microsoft.com/technet/security/advisory/RssFeed.aspx?securityadvisory"> Security Advisory RSS Feed</a> is now available. RSS To receive automatic e-mail notifications whenever a security advisory is issued or updated, subscribe to the Microsoft Security Notification Service: Comprehensive Edition.</p>
Q.<p>How frequently are you going to update the security advisories after they have been issued?</p>
A.<p>Security advisories may be updated any time we have new information that assists customers and helps protect them from security threats. During the early stages of a security update, a security advisory it might go through several revisions as our investigation continues and additional guidance is provided. If a security advisory results in a security bulletin, the advisory may be updated to reflect the availability of the bulletin and its associated security update.</p>
Q.<p>How much time after a public report can we expect to see an advisory?</p>
A.<p>Security advisories are designed to provide timely information to all Microsoft customers. To that end, we may provide a security advisory within one business day of being notified of an issue that we believe is best communicated using an advisory.</p>
Q.<p>Why doesn’t the Advance Notification (ANS) include information about security advisories?</p>
A.<p>Since it is our goal to issue security advisories as soon as possible after learning that customers are affected by a security incident or issue, advance notice via the monthly ANS is not practical for timing reasons.</p>
A.<p>There is a "Suggested Actions" section in each advisory to detail any action that users may have to take to help protect themselves.</p>