Alerts and Bulletins
Information About Security Alerts & Bulletins
For Emergency Alerts posted prior to February 15, 2007, see the Alerts Archive page.
MS-ISAC Cyber Security Alerts
The Multi-State Information Sharing & Analysis Center (MS-ISAC) disseminates Cyber Security Advisories and bulletins to member states through the state offices of the Chief Information Security Officer (CISO). MS-ISAC's Cyber Security Advisories also has an archive of previous alerts.
US-CERT Cyber Security Alerts
The United States Computer Emergency Readiness Team (US-CERT) publishes Cyber Security Alerts that provide timely information about current security issues, vulnerabilities, and exploits. They outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.
US-CERT also publishes Cyber Security Bulletins that provide weekly summaries of new vulnerabilities, and patch information when available. The US-CERT Current Activity webpage is a regularly updated summary of the most frequent, high-impact types of security incidents being reported to US-CERT.
Microsoft Security Bulletins
Microsoft publishes “Bulletins”, or announcements, that a new update has been issued. A bulletin might cover one or more updates and discusses the vulnerability fixed by the updates. Typically, a bulletin announces updates for several products within the same product family. For example, a typical Windows security bulletin might include updates for Windows 2000, Windows XP, Windows Server 2003, and any other Windows products as appropriate. Each update is product-specific and might replace other updates issued earlier for that product in another bulletin.
Bulletins use a severity rating system that provides a single rating for a vulnerability in a software product. The definitions of the ratings are:
- Critical - A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
- Important - A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources.
- Moderate - Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
- Low - A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.