Monday, September 17, 2012
Today we released Security Advisory 2757760 to address an issue that affects Internet Explorer 9 and earlier versions if a user views a website hosting malicious code. Internet Explorer 10 is not affected. We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue.
Friday, September 14, 2012
Hello, Today we published the September Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded thirteen questions, focusing primarily on MS12-061, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Security Advisory 2736233, addressing Update Rollup for ActiveX Kill Bits. We have the slide deck from the webcast available for on-demand viewing as well.
Tuesday, September 11, 2012
As I previously mentioned in the Advance Notification blog on Thursday, today we are releasing two security bulletins, both of which are rated Important. These bulletins will increase protection by addressing two unique vulnerabilities in the following Microsoft products: MS12-061 (Visual Studio Team Foundation Server) This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server.
Thursday, September 06, 2012
简体中文, 繁體中文, Français, Italiano, 日本語, 한국어, México, Portuguese (Brazil), Русский Hello there. As we prepare for
Monday, August 20, 2012
Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2. Customers concerned with this scenario are advised to review the guidance described in the advisory to help protect themselves.
Friday, August 17, 2012
Hello. Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls, MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing trust certificates with RSA keys less than 1024 bit key lengths. Three additional questions were answered after the webcast.
Tuesday, August 14, 2012
Security Advisory 2661254 - Update For Minimum Certificate Key Length Before we get into the details of this month’s bulletin release, let’s take a look at an important change on how Windows deals with certificates that have RSA keys of less than 1024 bits in length. We’ve been talking about this subject since June, and today we are announcing the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length with Security Advisory 2661254.
Thursday, August 09, 2012
Today we’re providing advanced notification on the release of nine bulletins, five Critical and four Important, for August 2012. The five Critical security bulletins are addressing ten vulnerabilities in Microsoft Windows, Internet Explorer, Exchange, SQL Server, Server Software, and Developer Tools. The bulletin for Exchange will address the issue first described in Security Advisory 2737111.
Thursday, July 26, 2012
Minutes ago in Las Vegas at the Microsoft Researcher Appreciation Party, we completed the journey we set out on together at the 2011 Black Hat briefings. There, we asked the security research community to focus its talent and expertise on defense, to design and prototype novel runtime mitigation technologies to prevent the successful exploitation of memory safety vulnerabilities.
Tuesday, July 24, 2012
One year ago this week we challenged the security community to take an unconventional focus on defensive innovation. We called that challenge the BlueHat Prize, and tomorrow night, we will award the grand prize of $200,000 to one of the finalists, either Jared DeMott, Ivan Fratric, or Vasilis Pappas. All three finalists submitted prototype mitigations that help prevent exploits that use Return Oriented Programming (ROP) techniques.
