MSRC

More on Microsoft’s response to the DigiNotar compromise

Sunday, September 04, 2011

This blog post was updated Sept. 5, 2011 below. Microsoft’s investigation into the scope and impact of the DigiNotar compromise has continued over the holiday weekend. We’ve now confirmed that spoofed certificates for *.microsoft.com and *.windowsupdate.com are among those issued by the Dutch firm. Users of Vista and later operating systems have been protected since we released Security Advisory 2607712 on August 29.

• Security

Microsoft Releases Security Advisory 2607712

Monday, August 29, 2011

Today we’re releasing Security Advisory 2607712, to address at least one fraudulent digital certificate issued by DigiNotar, a root certificate authority. DigiNotar has since revoked the digital certificate. This is not a Microsoft security vulnerability; however, the certificate potentially affects Internet users attempting to access websites belonging to Google. A fraudulent certificate may be used to spoof Web content, perform phishing attacks or perform man-in-the-middle attacks against end users.

Q&A From the August 2011 Security Bulletin Webcast

Thursday, August 11, 2011

Hello, Today we published the August Security Bulletin Webcast Questions & Answers page. We fielded six questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page.

• Malicious Software Removal Tool (MSRT)
• Monthly bulletin release
• Security
• Security Bulletin
• Security bulletin release
• Security Update
• Security Update Webcast Q & A
• Webcast Q&A

BlueHat Prize Q&A with Katie Moussouris

Wednesday, August 10, 2011

Hi everyone, Black Hat this year was really great. We spent a lot of time talking to people and getting new perspectives on the security landscape and of course, we announced the BlueHat Prize contest. The reaction to the contest was outstanding. In fact, within the first 24 hours, we had already received a few submissions and a bunch of questions indicating a lot of interest in winning the $200,000 grand prize.

• Security
• Video

A live BlueHat Prize webcast and the August 2011 security updates

Tuesday, August 09, 2011

Hello all. It has been very nearly a week since our BlueHat Prize contest announcement at Black Hat. Now that everyone’s had some time to digest the basics, we’ve asked Senior Security Strategist and chief BlueHat Prize architect Katie Moussouris to stop by the Trustworthy Computing studio today at 11 a.

• Exploitability Index
• Internet Explorer (IE)
• Microsoft Office
• Microsoft Windows
• Security Bulletin

Advance Notification Service for the August 2011 Bulletin Release

Wednesday, August 03, 2011

Hello all. Before we look at next week’s bulletin release, we’d like to recommend – for those of you who missed it in the run-up to this year’s Black Hat conference – the third annual Microsoft Security Response Center Progress Report. Every year around this time, we look back at the progress our key security programs have made.

Announcing the BlueHat Prize for Advancement of Exploit Mitigations

Wednesday, July 27, 2011

Protecting the general computing ecosystem is a really tough job, and given some of the media headlines, it’s easy to get discouraged and wallow in the problems. It seems like we’re constantly bombarded with statistics measuring the number of bugs, vulnerabilities, or attacks in an attempt to build an accurate “state of the state.

• Announcements
• Exploitability
• Mitigations

MSRC Progress Report Shows Continued Progress of MSRC Key Initiatives

Wednesday, July 27, 2011

Today, the MSRC released its third annual progress report highlighting advancements of key Microsoft programs designed to help prevent and defend against online threats. The Microsoft programs featured in this paper include the following: The Microsoft Active Protections Program (MAPP) and Microsoft Vulnerability Research (MSVR) programs are intended to help protect customers through innovative industry collaboration and information sharing.

Q&A From July 2011 Security Bulletin Webcast

Friday, July 15, 2011

Hello, Today we published the July Security Bulletin Webcast Questions & Answers page. We fielded thirteen questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page.

A guide to exploit mitigations and the July 2011 security bulletin release

Tuesday, July 12, 2011

Hello all – Over the years we’ve often talked about exploit mitigations – DEP, ASLR, SEHOP and so forth – as effective tools for improving computer security, reducing risk, preventing attacks, and minimizing operational disruption. Today we’re releasing a user’s guide to the toolbox: “Mitigating Software Vulnerabilities,” a white paper with practical information on choosing and enabling those mitigations.

• Mitigations
• Security Bulletin
• Security bulletin release