MSRC

2011

MS11-034: Addressing vulnerabilities in the win32k subsystem

Tuesday, April 12, 2011

Today we released security bulletin MS11-034 to address vulnerabilities in the win32k subsystem. This update addresses externally reported issues as well as several internally found vulnerabilities that were discovered as part of our variant investigation. The bulletin may appear to address an alarmingly large number of issues. However, if you dig into the issues themselves, you’ll find that the 30 vulnerabilities addressed in this update really just share three separate vulnerability root causes: insufficient validation or locking of win32k objects after a user-mode callback.

Advance Notification Service for the April 2011 Bulletin Release

Thursday, April 07, 2011

Hello everyone, my name is Pete Voss, and I’m a senior response communications manager with Microsoft Trustworthy Computing. I’ll be joining the rest of the team on the MSRC blog and @MSFTSecResponse Twitter handle to help provide you with the latest information and guidance for Microsoft security. Today, we’re providing advance notification on the release of 17 security bulletins, nine rated Critical and eight rated Important.

Microsoft Releases Security Advisory 2524375

Wednesday, March 23, 2011

Hello - Today we’re releasing Security Advisory 2524375, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users.

Q&A from the March 2011 Security Bulletin Webcast

Friday, March 11, 2011

Hello, today we published the March Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, April 13th at 11am PDT (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.