Saturday, June 18, 2011
Hello, Today we published the June Security Bulletin Webcast Questions & Answers page. We fielded fifteen questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There were two questions during the webcast that we were unable to answer, and we have included those questions and answers on the Q&A page.
Thursday, June 16, 2011
The Khronos Group’s WebGL technology is a cross-platform, low-level 3D graphics API for the web. Recently, Context Information Security published two reports critical of the WebGL technology, WebGL – A New Dimension for Browser Exploitation and WebGL – More WebGL Security Flaws. One of the functions of MSRC Engineering is to analyze various technologies in order to understand how they can potentially affect Microsoft products and customers.
Wednesday, June 15, 2011
Handle: Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni Hi everyone, Together with my colleagues Jeff Williams and Holly Stewart from the Microsoft Malware Protection Center (MMPC) I am here at the 23rd Annual FIRST conference in Vienna, Austria this week.
Tuesday, June 14, 2011
先週の事前通知でお伝えした通り、セキュリティ情報 計 16 件 (緊急 9 件、重要 7 件) を公開しました。今月の公
Tuesday, June 14, 2011
皆さん、こんにちは!今月のマイクロソフトワンポイントセキュリティ情報担当者です。 先ほど 6 月のワンポイ
Tuesday, June 14, 2011
Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability rating Likely first 30 days impact Platform mitigations and key notes MS11-050(IE) Victim browses to a malicious webpage.
Tuesday, June 14, 2011
Hello there. First off, I’d like to share some news regarding the updates we made to the Autorun feature in Security Advisory 967940, which we released in February 2011. The advisory made changes to how Autorun handles “non-shiny” media (eg., USB thumb drives). The change was expected to make a significant difference to infection rates by malware that uses Autorun to propagate, and we’ve been monitoring those rates ever since.
Tuesday, June 14, 2011
Today we have released MS11-044 to address CVE-2011-1271, a remote code execution vulnerability in the .NET framework. Here we would like to provide more technical information about this vulnerability and why we believe this issue to be unlikely to be exploited. This root cause of CVE-2011-1271 is that there was a bug in the JIT compiler which would cause it to mistakenly determine that a given object is always null (or non-null) and would omit certain checks.
Tuesday, June 14, 2011
Today, we released MS11-050, a cumulative security update for Internet Explorer to address several vulnerabilities in IE9. The following table lists the CVEs included in MS11-050, and whether each affects IE8 or IE9. CVE Rating IE8 IE9 CVE-2011-1246 Moderate Yes No CVE-2011-1258 Moderate Yes No CVE-2011-1252 Important Yes No CVE-2011-1256 Important Yes No CVE-2011-1255 Critical Yes No CVE-2011-1254 Critical Yes No CVE-2011-1251 Critical Yes No CVE-2011-1250 Critical Yes Yes CVE-2011-1260 Critical Yes Yes CVE-2011-1261 Critical Yes Yes CVE-2011-1262 Critical Yes Yes As shown above, only a minor fraction of vulnerabilities affecting IE8 (and earlier versions of the browser) would still affect IE9.
Tuesday, June 14, 2011
このたび、マイクロソフトのセキュリティ情報に関するアンケートを開設しました。マイクロソフトでは、月例
