マイクロソフト セキュリティ インテリジェンスレポート (SIR) 第 12 版を公開
Wednesday, April 25, 2012
本日、2011 年下半期 (2011 年 7 月~ 12 月) の脅威の動向をまとめた、「マイクロソフト セキュリティ インテリジ
Month Archives: April 2012
安全なソフトウェア開発が改めて重視 – SDL 導入の手始めに役立つガイドライン
Monday, April 23, 2012
近頃、セキュリティ業界の会合やお客様との会話の中で、マイクロソフトのセキュリティ開発ライフサイクル (SDL)
April 2012 Security Bulletin Webcast and Q&A
Friday, April 13, 2012
Hello, Today we published the April Security Bulletin Webcast Questions & Answers page, and the slide deck presented in the webcast. We fielded 15 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, May 9 at 11am PDT (UTC -7), when we will go into detail about the May bulletin release and answer questions live on the air.
IE9 にアップグレードすると言語パックがインストールできない現象
Thursday, April 12, 2012
2012/4/17 更新: IE9 にアップグレードすると言語パックがインストールできない問題は、4 月 14 日に修正されました。現
2012 年 4 月のセキュリティ情報 (月例)
Tuesday, April 10, 2012
先週の事前通知でお知らせしたとおり、計 6 件 (緊急 4 件、重要 2 件) のセキュリティ情報を公開しました。 ま
2012 年 4 月のワンポイント セキュリティ
Tuesday, April 10, 2012
皆さん、こんにちは! 4 月のマイクロソフト ワンポイント セキュリティ情報を公開しました。 本日 4 月 11 日に公
Assessing risk for the April 2012 security updates
Tuesday, April 10, 2012
Today we released 6 security bulletins. Four have a maximum severity rating of Critical with the other two addressing Important class vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Rating Likely first 30 days impact Platform mitigations and key notes MS12-027(Windows Common Controls) Attackers have leveraged this vulnerability in limited, targeted attacks by emailing malicious RTF file to victims.
MS12-025 and XBAP: No longer a driveby threat
Tuesday, April 10, 2012
One of the security bulletins released today, MS12-025, addresses a code execution vulnerability in the .NET Framework. To exploit the vulnerability, an attacker would build a malicious XBAP application and lure victims to a malicious website serving the XBAP. The good news is that a zero-click “driveby” style attack is no longer possible from the Internet on workstations where MS11-044 (published June 2011) has been installed.
MS12-027: Enhanced protections regarding ActiveX controls in Microsoft Office documents
Tuesday, April 10, 2012
Security Update MS12-027 addresses a code execution vulnerability in MSCOMCTL.OCX, the Windows Common Controls ActiveX control. By default, this component is included with all 32-bit versions of Microsoft Office. We’d like to cover the following topics in this blog post: Limited, targeted attacks leveraging this vulnerability Mitigations in recent versions of Office to reduce the risk Extra protections to block all or specific ActiveX controls in Office documents The new Office 2010 kill bit feature Limited, targeted attacks leveraging this vulnerability
Windows XP and Office 2003 countdown to end of support, and the April 2012 bulletins
Tuesday, April 10, 2012
Hello, As you know, today is Update Tuesday. Before I go into the bulletin details, however, I wanted to let you know that today we’re notifying customers that Windows XP and Office 2003 will go out of support in April 2014. We understand that preparing to deploy the latest versions of Windows and Office may take time for some organizations, and we encourage all customers to upgrade to the latest operating system to help protect your systems.