MSRC

ANS for February 2012, and some notes on SDL

Thursday, February 09, 2012

Hello. Today we’re releasing our advance notification for the February security bulletin release, which is scheduled for Tuesday, February 14. This month’s release includes nine bulletins addressing 21 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and .NET/Silverlight. As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible.

• ANS

January 2012 Security Bulletin Webcast Q&A

Thursday, January 12, 2012

Hello, Today we published the January Security Bulletin Webcast Questions & Answers page. We fielded nine questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page.

• Security Bulletin Webcast

January 2012 Security Bulletins Released

Tuesday, January 10, 2012

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft products. Customers should plan to install all of these updates as soon as possible.

January 2012 ANS is released

Thursday, January 05, 2012

Hello. Today we’re releasing our advance notification for the January security bulletin release, which is scheduled for Tuesday, January 10. This month’s release includes seven bulletins addressing eight vulnerabilities in Microsoft Windows and Microsoft Developer Tools And Software. As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible.

• ANS
• Security

December 2011 Out-Of-Band Bulletin Release: Q&A and Webcast

Friday, December 30, 2011

Hello, Today we published the December 2011 Out-of-Band Security Bulletin Webcast Questions & Answers page. We fielded 41 questions on the subject of MS11-100. There were four questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page. We invite our customers to join us for the next public webcast scheduled for Wednesday, January 11, 2012 at 11 a.

Microsoft releases MS11-100 for Security Advisory 2659883

Thursday, December 29, 2011

Hello, Today we released Security Update MS11-100 to address the issue described in Security Advisory 2659883. The security update has a severity rating of Critical and resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework. Of note, the new method of hash collision attacks used to exploit this vulnerability is an industry-wide issue affecting various Web platforms, including ASP.

Advanced Notification for out-of-band release to address Security Advisory 2659883

Wednesday, December 28, 2011

Hello, Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST. The bulletin has a severity rating of Critical and addresses a publicly disclosed vulnerability in ASP.

• ANS
• OOB
• Security Advisory

Microsoft releases Security Advisory 2659883, offers workaround for industry-wide issue

Tuesday, December 27, 2011

Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions of .NET Framework, however we recommend customers use the mitigation and workaround described in the Advisory to help protect sites against this new method to exploit hash tables.

December 2011 Bulletin Release Q&A and Slide Deck

Monday, December 19, 2011

Hello, Today we published the December Security Bulletin Webcast Questions & Answers page. We fielded six questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. For more details on this month’s bulletins, click here to view the slide deck used in the webcast. See below to view the webcast.

• Bulletins
• Q&A
• Security
• Webcast Q&A

December 2011 Security Bulletin Webcast Q&A

Thursday, December 15, 2011

Hosts: Jonathan Ness, Security Development Manager, MSRC Jerry Bryant, Group Manager, Trustworthy Computing Communications Website: TechNet/Security ** Chat Topic: December 2011 Security Bulletin Release ** Date: Wednesday, December 14, 2011 ** Q: Some of my users had issues with text being deleted from Word documents. Is this an issue with the Office security bulletin**?

• Bulletins
• Security
• Webcast