Skip to main content

Month Archives: May 2012

Microsoft security updates and the Common Vulnerability Reporting Framework

Thursday, May 17, 2012

As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF) format, for your examination and feedback. Today, ICASI released version 1.

Introducing EMET v3

Tuesday, May 15, 2012

We are pleased to announce the release of a new version of our Enhanced Mitigation Experience Toolkit (EMET) - EMET 3.0. EMET it is a free utility that helps prevent vulnerabilities in software from being successfully exploited for code execution. It does so by opt-ing in software to the latest security mitigation technologies.

May 2012 Security Bulletin Webcast, Slide Deck, and Q&A

Friday, May 11, 2012

Hello, Today we published the May Security Bulletin Webcast Questions & Answers page, and the May 2012 Security Bulletin Release Webcast slide deck. During the webcast, we fielded 8 questions on various topics, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, June 13 at 11am PDT (UTC -7), when we will go into detail about the June bulletin release and answer questions live on the air.

Bulletin Management Process and the May 2012 Bulletins

Tuesday, May 08, 2012

Hello, Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging decisions that went into MS12-034. This is a particularly interesting case to dive into and will give readers a better appreciation for the bulletin management process here at Microsoft.

MS12-034: Duqu, ten CVE's, and removing keyboard layout file attack surface

Tuesday, May 08, 2012

There are several interesting “stories” to tell about security update MS12-034: Addressing the Duqu vulnerability again? Why so many affected products? Keyboard layout behavior introduced with Windows Vista conditionally applied down-level Addressing the Duqu vulnerability again? Five months ago, we released security update MS11-087 to address CVE-2011-3402, a vulnerability that was being exploited by the Duqu malware to execute arbitrary code when a user opened a malicious Office document.