Tuesday, July 24, 2012
Hello – Today we published Security Advisory 2737111, which provides mitigations and workarounds that will help protect customers from a known vulnerability in one of Oracle’s Outside In libraries, which were updated earlier this month. Microsoft licenses the libraries from Oracle and uses them in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint.
Tuesday, July 24, 2012
In a little less than 24 hours, we will award $200,000 to Jared DeMott, Ivan Fratric, or Vasilis Pappas as we name the inaugural winner of the BlueHat Prize – and we’ll award more than $50,000 for the two runners-up. As excitement builds towards that announcement, I was fortunate enough to sit down with each finalist and get to know them a little bit better.
Monday, July 16, 2012
Hello, To mark the start of the 10-day countdown to the BlueHat Prize award ceremony, the MSRC Ecosystem Strategy Team is announcing the BlueHat Prize Question Sweepstakes that will give you a chance to win $5,000 at Black Hat this year! Be sure to check out the official announcement here and the official rules here to see how your input could help us shape a future BlueHat Prize contest.
Friday, July 13, 2012
Today we published the July Security Bulletin Webcast Questions & Answers page, and the July 2012 Security Bulletin Release Webcast slide deck. We fielded 15 questions on various topics during the webcast, including bulletins and advisory details, deployment questions, and plans for later updates. We also received a question that we weren’t able to tackle in the allotted time; we’ve answered that one in the Q&A as well.
Tuesday, July 10, 2012
Before we dive into the July security updates, let’s change up the normal order and take a look at the two Security Advisories we are releasing today. One takes an exciting step into the future, while the other prepares us to take an equally important step away from the past.
Thursday, July 05, 2012
Hello – As per our usual cadence, today we’re releasing our advance notification for this month’s security bulletin release, which is scheduled for Tuesday, July 10. The July release includes nine bulletins addressing 16 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Visual Basic for Applications. We will release all nine bulletins on Tuesday at approximately 10 a.
Thursday, June 21, 2012
Hello, The judges have finished reviewing the submissions for the first BlueHat Prize contest and the finalists are in! Please visit www.BlueHatPrize.com for details on the three finalists and their entries that mitigate return-oriented programming (ROP). The finalists will collectively be awarded over a quarter million dollars in cash and prizes at the Microsoft Researcher Appreciation Party following the Black Hat briefings in Las Vegas on July 26, 2012.
Friday, June 15, 2012
Hello, Today we published the June Security Bulletin Webcast Questions & Answers page, and the June 2012 Security Bulletin Release Webcast slide deck. We fielded 23 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Our webcast from Wednesday is now available for on-demand viewing.
Wednesday, June 13, 2012
During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we’ve built a Fix it workaround that blocks the potential attack vector in Internet Explorer. Fix its are a labor-saving mechanism that helps protect customers from a specific issue in advance of a comprehensive security update.
Tuesday, June 12, 2012
For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.
