Month Archives: January 2010
There were dragons. Everywhere.
Wednesday, January 27, 2010
Handle: volty IRL: Joe Hemmerlein Rank: Security Grunt (aka Security Program Manager) Likes: Quality engineering, diverting things from their intended use, processes and tools Dislikes: Meat, speed limits, getting up in the morning Guten Morgen! Joe Hemmerlein hier vom Microsoft Security Response Center (MSRC). I just returned from Germany earlier this month, where I spent some time mingling with security researchers.
January 2010 Out-of-Band Security Bulletin Webcast
Friday, January 22, 2010
Hello everyone, Yesterday Adrian Stone from the Microsoft Security Response Center (MSRC) and I hosted a live webcast to discuss Security Bulletin MS10-002 and Security Advisory 979682 in more detail with customers. Below is the video of that presentation and you can find the question & answer transcript here. We spent over an hour answering customer questions during the webcast.
Out-of-Band Security Bulletin Webcast Q&A - January 21, 2010
Friday, January 22, 2010
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: January 2010 Out-of-Band Security Bulletin Date: Thursday, January 21, 2010 Q: I understand the severity for workstaitons. Is the severity lower for servers in terms of this vulnerability, since most servers (except Terminal Servers) do not use IE?
2010年1月のワンポイントセキュリティ [特別編]
Thursday, January 21, 2010
小野寺です。 本日定例外で公開した MS10-002 の Internet Explorer のセキュリティ更新プログラムに関する特別版のワンポイントセキ
Bulletin MS10-002 Released
Thursday, January 21, 2010
Hello, Today we released Security Bulletin MS10-002 out-of-band to address vulnerabilities in Internet Explorer. All customers using currently supported versions of Windows and Internet Explorer should apply this update as soon as possible. Once applied, customers are protected against the known attacks that have been widely publicized. For customers using automatic updates, this update will automatically be applied once it is released.
Internet Explorerのセキュリティ更新プログラムを提供開始 (MS10-002)
Thursday, January 21, 2010
小野寺です。 「Internet Explorer 6 の悪用事例を確認 (セキュリティ アドバイザリ 979352)」でお伝え
Advance Notification for Out-of-Band Bulletin Release
Wednesday, January 20, 2010
Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical.
Reports of DEP being bypassed
Wednesday, January 20, 2010
Yesterday we heard reports of a commercially available exploit that bypasses DEP. This exploit was made available to a limited number of major security vendors (Antivirus, IDS, and IPS vendors) and government CERT agencies. We wanted to use this opportunity to give an overview of current customer risk related to this DEP bypass.
Security Advisory 979682 Released
Wednesday, January 20, 2010
Today we released Security Advisory 979682 to address an Elevation of Privilege (EoP) vulnerability in the Windows kernel, affecting all currently supported versions of 32-bit Windows. 64-bit versions of Windows, including Windows Server 2008 R2, are not affected. The advisory provides customers with actionable guidance to help with protections against exploit of this vulnerability.