msrc

News from MAPP, and Advance Notification Service for the December 2011 Bulletin Release

Thursday, December 08, 2011

Hello all. Before we look at next week’s bulletin release, we’d like to point out an update to our Microsoft Active Protections Program (MAPP) that should provide customers with greater transparency as to how MAPP partners use the information we share with them when we release security advisories. As you know, we work closely with our MAPP partners to share information on issues as they arise, thus extending protections to the greatest possible number of computers on the Internet.

• ANS
• Microsoft Active Protections Program (MAPP)

Microsoft releases Security Advisory 2641690, updates Untrusted Certificate Store

Thursday, November 10, 2011

Hi everyone, As a follow-up to Friday’s blog post, today we released Security Advisory 2641690 to notify customers that we revoked the trust of DigiCert Sdn.Bhd in an update that moves two Intermediate Certificate Authorities (CA) certificates to the Microsoft Untrusted Certificate Store. We made this decision after Entrust, Inc., a CA in the Microsoft Root Certificate Program, notified us that one of its subordinate CAs issued 22 certificates with weak 512 bit keys, a violation of Microsoft’s Root Certificate Program requirements.

• Security Advisory

Microsoft hosts BlueHatv11, releases four bulletins

Tuesday, November 08, 2011

Hello, On this November Update Tuesday, we’re recapping the BlueHat conference, which Microsoft hosted in Redmond last week. We are also releasing four security updates, so please read on for details. Microsoft hosted its 11th installment of the BlueHat conference Nov. 2-4. The event featured presentations from hand-picked security researchers about current and emerging security threats.

Advance Notification for November 2011

Thursday, November 03, 2011

Hello, As we do each month, we’re providing advance notification on the release of four security bulletins, one Critical, two Important, and one Moderate, to address four CVEs in Windows. As usual, the bulletin release is scheduled for the second Tuesday of the month, Nov. 8, at approximately 10 a.m. PT.

• ANS

Microsoft releases Security Advisory 2639658

Thursday, November 03, 2011

Hi everyone, Today we released Security Advisory 2639568 to provide customer guidance for the Windows kernel issue related to the Duqu malware. I would like to provide you information on how to protect your system(s), how we are addressing the issue, and insight into our threat landscape monitoring capabilities. The security advisory provides a workaround that can be applied to any Windows system.

• Advisory
• Security Advisory

Untrusted Certificate Store to be updated

Thursday, November 03, 2011

Hi everyone, This post is to notify customers that Microsoft will revoke trust in an Intermediate Certificate Authority, DigiCert Sdn. Bhd. (Digicert Malaysia) in an update to be released through Windows Update. DigiCert Sdn. Bhd is a Malaysian subordinate CA under Entrust and Verizon (GTE CyberTrust). There is no relationship between DigiCert Malaysia and DigiCert Inc.

Q&A from the October 2011 Security Bulletin Webcast

Saturday, October 15, 2011

Hello, Today we published the October Security Bulletin Webcast Questions & Answers page. We fielded eight questions across all bulletins. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, November 9th at 11am PDT (UTC -7), when we will go into detail about the November bulletin release and answer questions live on the air.

• Security Bulletin
• Security bulletin release
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A
• Webcast Q&A

October Update Tuesday: Security Intelligence Report volume 11 announced

Tuesday, October 11, 2011

Hello, On this October Update Tuesday, we are releasing the 11th volume of the Security Intelligence Report, SIRv11, which puts zero-day vulnerabilities into context against other global threats. We are also releasing eight security updates so please read on for details. A new method of analyzing malware distribution indicates that in the first half of 2011 zero-day issues account for a very small percentage of actual infections.

Advanced Notification for the October 2011 Bulletin Release

Thursday, October 06, 2011

Hello, As we do each month, we’re providing advanced notification on the release of eight security bulletins, two Critical and six Important, to address 23 vulnerabilities across Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server. As usual, the bulletin release is scheduled for the second Tuesday of the month, October 11, at approximately 10 a.

Microsoft releases Security Advisory 2588513

Monday, September 26, 2011

Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a whole rather than any specific platform. Our Advisory addresses the issue via the Windows operating system.

• Advisory
• Security Advisory