September ANS and an important heads-up concerning certificates
Thursday, September 06, 2012
简体中文, 繁體中文, Français, Italiano, 日本語, 한국어, México, Portuguese (Brazil), Русский Hello there. As we prepare for
msrc
Security Advisory 2743314 released
Monday, August 20, 2012
Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2. Customers concerned with this scenario are advised to review the guidance described in the advisory to help protect themselves.
August 2012 Security Bulletin Webcast, Q&A, and Slide Deck
Friday, August 17, 2012
Hello. Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls, MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing trust certificates with RSA keys less than 1024 bit key lengths. Three additional questions were answered after the webcast.
August 2012 Bulletin Release
Tuesday, August 14, 2012
Security Advisory 2661254 - Update For Minimum Certificate Key Length Before we get into the details of this month’s bulletin release, let’s take a look at an important change on how Windows deals with certificates that have RSA keys of less than 1024 bits in length. We’ve been talking about this subject since June, and today we are announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length with Security Advisory 2661254.
Advance Notification Service for August 2012 Security Bulletin Release
Thursday, August 09, 2012
Today we’re providing advanced notification on the release of nine bulletins, five Critical and four Important, for August 2012. The five Critical security bulletins are addressing ten vulnerabilities in Microsoft Windows, Internet Explorer, Exchange, SQL Server, Server Software, and Developer Tools. The bulletin for Exchange will address the issue first described in Security Advisory 2737111.
Announcing the BlueHat Prize winners!
Thursday, July 26, 2012
Minutes ago in Las Vegas at the Microsoft Researcher Appreciation Party, we completed the journey we set out on together at the 2011 Black Hat briefings. There, we asked the security research community to focus its talent and expertise on defense, to design and prototype novel runtime mitigation technologies to prevent the successful exploitation of memory safety vulnerabilities.
BlueHat Prize technology available in Tech Preview
Tuesday, July 24, 2012
One year ago this week we challenged the security community to take an unconventional focus on defensive innovation. We called that challenge the BlueHat Prize, and tomorrow night, we will award the grand prize of $200,000 to one of the finalists, either Jared DeMott, Ivan Fratric, or Vasilis Pappas. All three finalists submitted prototype mitigations that help prevent exploits that use Return Oriented Programming (ROP) techniques.
Security Advisory 2737111 released
Tuesday, July 24, 2012
Hello – Today we published Security Advisory 2737111, which provides mitigations and workarounds that will help protect customers from a known vulnerability in one of Oracle’s Outside In libraries, which were updated earlier this month. Microsoft licenses the libraries from Oracle and uses them in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint.
The BlueHat Prize finalists, in their own words
Tuesday, July 24, 2012
In a little less than 24 hours, we will award $200,000 to Jared DeMott, Ivan Fratric, or Vasilis Pappas as we name the inaugural winner of the BlueHat Prize – and we’ll award more than $50,000 for the two runners-up. As excitement builds towards that announcement, I was fortunate enough to sit down with each finalist and get to know them a little bit better.
Countdown to the BlueHat Prize announcement and a chance for you to win $5000
Monday, July 16, 2012
Hello, To mark the start of the 10-day countdown to the BlueHat Prize award ceremony, the MSRC Ecosystem Strategy Team is announcing the BlueHat Prize Question Sweepstakes that will give you a chance to win $5,000 at Black Hat this year! Be sure to check out the official announcement here and the official rules here to see how your input could help us shape a future BlueHat Prize contest.