MSRC

Microsoft releases Security Advisory 2659883, offers workaround for industry-wide issue

Tuesday, December 27, 2011

Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions of .NET Framework, however we recommend customers use the mitigation and workaround described in the Advisory to help protect sites against this new method to exploit hash tables.

December 2011 Bulletin Release Q&A and Slide Deck

Monday, December 19, 2011

Hello, Today we published the December Security Bulletin Webcast Questions & Answers page. We fielded six questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. For more details on this month’s bulletins, click here to view the slide deck used in the webcast. See below to view the webcast.

• Bulletins
• Q&A
• Security
• Webcast Q&A

December 2011 Security Bulletin Webcast Q&A

Thursday, December 15, 2011

Hosts: Jonathan Ness, Security Development Manager, MSRC Jerry Bryant, Group Manager, Trustworthy Computing Communications Website: TechNet/Security ** Chat Topic: December 2011 Security Bulletin Release ** Date: Wednesday, December 14, 2011 ** Q: Some of my users had issues with text being deleted from Word documents. Is this an issue with the Office security bulletin**?

• Bulletins
• Security
• Webcast

A look back at 2011’s security landscape

Tuesday, December 13, 2011

Hi everyone – Mike Reavey here. Today, we’re releasing our December set of security updates. As we do every month, we’re providing a heads-up on what’s coming in this month’s release as well as offering links to more information so you can plan your deployment. However, since this is the last set of regular monthly security updates this year, I thought I’d take a minute to look back at some of the discoveries the MSRC made in the process of issuing the year’s bulletins.

• Security
• Security Bulletin
• Security Development Lifecycle (SDL)

The December bulletins are released

Tuesday, December 13, 2011

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing 13 security bulletins, three of which are rated Critical in severity, and 10 Important. These bulletins will increase protection by addressing 19 unique vulnerabilities in Microsoft products. Customers should plan to install all of these updates as soon as possible.

• Killbit
• Malicious Software Removal Tool (MSRT)
• Security Bulletin
• Security bulletin release
• Security Update

News from MAPP, and Advance Notification Service for the December 2011 Bulletin Release

Thursday, December 08, 2011

Hello all. Before we look at next week’s bulletin release, we’d like to point out an update to our Microsoft Active Protections Program (MAPP) that should provide customers with greater transparency as to how MAPP partners use the information we share with them when we release security advisories. As you know, we work closely with our MAPP partners to share information on issues as they arise, thus extending protections to the greatest possible number of computers on the Internet.

• ANS
• Microsoft Active Protections Program (MAPP)

Microsoft releases Security Advisory 2641690, updates Untrusted Certificate Store

Thursday, November 10, 2011

Hi everyone, As a follow-up to Friday’s blog post, today we released Security Advisory 2641690 to notify customers that we revoked the trust of DigiCert Sdn.Bhd in an update that moves two Intermediate Certificate Authorities (CA) certificates to the Microsoft Untrusted Certificate Store. We made this decision after Entrust, Inc., a CA in the Microsoft Root Certificate Program, notified us that one of its subordinate CAs issued 22 certificates with weak 512 bit keys, a violation of Microsoft’s Root Certificate Program requirements.

• Security Advisory

Microsoft hosts BlueHatv11, releases four bulletins

Tuesday, November 08, 2011

Hello, On this November Update Tuesday, we’re recapping the BlueHat conference, which Microsoft hosted in Redmond last week. We are also releasing four security updates, so please read on for details. Microsoft hosted its 11th installment of the BlueHat conference Nov. 2-4. The event featured presentations from hand-picked security researchers about current and emerging security threats.

Advance Notification for November 2011

Thursday, November 03, 2011

Hello, As we do each month, we’re providing advance notification on the release of four security bulletins, one Critical, two Important, and one Moderate, to address four CVEs in Windows. As usual, the bulletin release is scheduled for the second Tuesday of the month, Nov. 8, at approximately 10 a.m. PT.

• ANS

Microsoft releases Security Advisory 2639658

Thursday, November 03, 2011

Hi everyone, Today we released Security Advisory 2639568 to provide customer guidance for the Windows kernel issue related to the Duqu malware. I would like to provide you information on how to protect your system(s), how we are addressing the issue, and insight into our threat landscape monitoring capabilities. The security advisory provides a workaround that can be applied to any Windows system.

• Advisory
• Security Advisory