Skip to main content
MSRC

msrc

BlueHat Prize: And now the fun begins

Tuesday, April 03, 2012

The entry window for the first annual BlueHat Prize closed at 11:59pm PDT on April 1. We’ve been eagerly awaiting a final entry count from the contest organizers, and senior security strategist Katie Moussouris has just posted that tally on the EcoStrat blog. Congratulations to all participants and good luck to the BlueHat Prize Board, which finds itself eyebrow-deep in exciting new defensive-security ideas as the competition judging process begins.

Read More

6...5...4...3...2...

Monday, March 26, 2012

Nearly nine months after we announced the first annual BlueHat Prize competition for innovations in defensive security technologies, we’re just days away from the submission deadline. On the EcoStrat blog today, Senior Security Strategist Katie Moussouris gives a glimpse into the frantic final days of the competition period. If you’re working on your own entry (deadline April 1!

Read More

March 2012 Security Bulletin Webcast and Q&A

Friday, March 16, 2012

Hello, Today we published the March Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded twelve questions focusing on MS12-020 (aka “the RDP update”). Two additional questions for MS12-022 regarding Microsoft Expression Design were answered after the webcast. All questions are included on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, April 11, 2012 at 11am PDT (UTC -7), when we will go into detail about the April bulletin release and answer questions live on the air.

Read More

Proof-of-Concept Code available for MS12-020

Friday, March 16, 2012

On March 15, we became aware of public proof-of-concept code that results in denial of service for the issue addressed by MS12-020, which we released Tuesday. We continue to watch the threat landscape and we are not aware of public proof-of-concept code that results in remote code execution. We recommend customers deploy MS12-020 as soon as possible, as this security update protects against attempts to exploit CVE-2012-0002.

Read More

Strength, flexibility and the March 2012 security bulletins

Tuesday, March 13, 2012

Hello. Today we’re releasing six security bulletins – one Critical-class, four Important and one Moderate – addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. We recommend that customers focus on MS12-020, our sole critical-class bulletin, as the March deployment priority. A little about MS12-020: MS12-020 (Windows) : This bulletin addresses one Critical-class issue and one Moderate-class issue in Remote Desktop Protocol (RDP).

Read More

March 2012 ANS

Thursday, March 08, 2012

Hello. Today we’re releasing our advance notification for the March security bulletin release, which is scheduled for Tuesday, March 13. This month’s release includes six bulletins addressing seven vulnerabilities in Microsoft Windows, Visual Studio, and Expression Design. As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible.

Read More

February 2012 Security Bulletin Webcast and Q&A

Friday, February 17, 2012

Hello, Today we published the February Security Bulletin Webcast Questions & Answers page. We fielded ten questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Many of the questions centered on the .Net/Silverlight update MS12-016. Click here to access the slide deck that appears in the webcast.

Read More

MSRC looks back at ten years, and the February 2012 bulletins

Tuesday, February 14, 2012

Ever wondered where Update Tuesday bulletins come from, or what it’s like around Microsoft when a serious information-security situation arises? Or wondered who precisely is responsible for getting your monthly bulletin releases out the door? Update Tuesday, which brings us here today, is one of the most prominent results of that famous Bill Gates memo that put security at the center of Microsoft’s development and support efforts – just over 10 years ago.

Read More

ANS for February 2012, and some notes on SDL

Thursday, February 09, 2012

Hello. Today we’re releasing our advance notification for the February security bulletin release, which is scheduled for Tuesday, February 14. This month’s release includes nine bulletins addressing 21 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and .NET/Silverlight. As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible.

Read More

January 2012 Security Bulletin Webcast Q&A

Thursday, January 12, 2012

Hello, Today we published the January Security Bulletin Webcast Questions & Answers page. We fielded nine questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page.

Read More