Tuesday, August 13, 2013
Two weeks ago I, along with 7,500 of my closest friends, attended the Black Hat security conference in Las Vegas, NV. I can’t speak for everyone, but I certainly had a great – if not exhausting – time while there. While there were a lot of great talks, a personal highlight for me each year is the chance to meet and talk with the various people who attend.
Thursday, August 08, 2013
Today we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for August 2013. The Critical updates address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange. As usual, we’ve scheduled the bulletin release for the second Tuesday of the month, August 13, 2013, at approximately 10:00 a.
Wednesday, July 31, 2013
Today we are kicking off a new challenge so you can showcase your security prowess and, if we can, help you build some more. Our BlueHat Challenge is a series of computer security questions, which increase in difficulty as you progress. Only the rare and talented engineer will be able to finish the Challenge on the first attempt.
Monday, July 29, 2013
Over the years, our customers have come to expect a certain regularity and transparency in both our security updates and the guidance that goes with them. One regular piece of communication about our work is a yearly progress report, which provides a look into the program updates and bulletin statistics from the Microsoft Security Response Center (MSRC).
Friday, July 12, 2013
Today we’re publishing the July 2013 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 10 questions covering all updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled webcast on Wednesday, August 14th at 11 a.m. PT (UTC -8), when we will go into detail about the August 2013 bulletin release and answer questions live on the air.
Tuesday, July 09, 2013
There are those I’ve met who think my life is something akin to the classic comedy Groundhog Day. No, I don’t wake up to the musical stylings of Sonny and Cher each morning, but month after month after month, the second Tuesday rolls around and I’m involved in releasing security updates.
Thursday, July 04, 2013
Today we’re providing advance notification for the release of seven bulletins, six Critical and one Important, for July 2013. The Critical bulletins address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Internet Explorer and GDI+. Also scheduled for inclusion among these Critical bulletins is an update to address CVE-2013-3660, which is a publicly known issue in the Kernel-Mode Drivers component of Windows.
Wednesday, June 19, 2013
Over the years, we’ve put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our software that we may have missed. Now we’re taking it even further.
Friday, June 14, 2013
Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page. We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler (MS13-050), Microsoft Office (MS13-051), and the security advisory addressing digital certificates (SA2854544). There was one question we were unable to field on the air which we answered on the Q&A page.
Tuesday, June 11, 2013
It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year*- _and I’ve dealt with some interesting issues during my tenure* - _but our goal of providing the best customer protections possible remains a constant.
