MSRC

Advanced Notification for the October 2011 Bulletin Release

Thursday, October 06, 2011

Hello, As we do each month, we’re providing advanced notification on the release of eight security bulletins, two Critical and six Important, to address 23 vulnerabilities across Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server. As usual, the bulletin release is scheduled for the second Tuesday of the month, October 11, at approximately 10 a.

Microsoft releases Security Advisory 2588513

Monday, September 26, 2011

Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a whole rather than any specific platform. Our Advisory addresses the issue via the Windows operating system.

Cumulative non-security update protects from fraudulent certificates

Monday, September 19, 2011

Today, Microsoft re-released the KB2616676 non-security update for customers using Microsoft Windows XP and Windows Server 2003, which addresses an issue described in the “known issues” section of KB2616676. Customers who have enabled automatic updates are already protected and no further action is required; others are advised to download the cumulative version of KB2616676 to protect themselves from the fraudulent certificates listed in Security Advisory 2607712.

Q&A from the September 2011 Security Bulletin Webcast

Friday, September 16, 2011

Hello, Today we published the September Security Bulletin Webcast Questions & Answers page. We fielded 15 questions primarily regarding the DigiNotar Certificate compromise and the associated Security Advisory. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page.

More on DigiNotar Certificates, and September Bulletins

Tuesday, September 13, 2011

In an effort to protect customers, last week we released Security Advisory 2607712 along with a non-security update to add fraudulent DigiNotar certificates to the Windows Untrusted Certificate Store. Today, we are releasing another update (2616676), adding six additional DigiNotar root certificates that are cross-signed by Entrust and GTE, to the Untrusted Certificate Store.

Advanced Notification for the September 2011 Bulletin Release

Thursday, September 08, 2011

Hello everyone, As we do each month, we’re providing advanced notification on the release of five Important security bulletins, addressing 15 vulnerabilities, to help protect customers using Microsoft Windows and Office. As usual, the bulletin release is scheduled for the second Tuesday of the month, September 13, at approximately 10 a.

Microsoft updates Security Advisory 2607712

Tuesday, September 06, 2011

Today we’re updating Security Advisory 2607712, to announce that based on our investigation, we’ve deemed all DigiNotar certificates to be untrustworthy and have moved them to the Untrusted Certificate Store. Additionally, we have extended our support with this update so all customers using Windows XP, Windows Server 2003, and all Windows supported third-party applications are protected.

More on Microsoft’s response to the DigiNotar compromise

Sunday, September 04, 2011

This blog post was updated Sept. 5, 2011 below. Microsoft’s investigation into the scope and impact of the DigiNotar compromise has continued over the holiday weekend. We’ve now confirmed that spoofed certificates for *.microsoft.com and *.windowsupdate.com are among those issued by the Dutch firm. Users of Vista and later operating systems have been protected since we released Security Advisory 2607712 on August 29.

Microsoft Releases Security Advisory 2607712

Monday, August 29, 2011

Today we’re releasing Security Advisory 2607712, to address at least one fraudulent digital certificate issued by DigiNotar, a root certificate authority. DigiNotar has since revoked the digital certificate. This is not a Microsoft security vulnerability; however, the certificate potentially affects Internet users attempting to access websites belonging to Google. A fraudulent certificate may be used to spoof Web content, perform phishing attacks or perform man-in-the-middle attacks against end users.

Q&A From the August 2011 Security Bulletin Webcast

Thursday, August 11, 2011

Hello, Today we published the August Security Bulletin Webcast Questions & Answers page. We fielded six questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page.