MSRC

Rustock updates and Advance Notification Service for the July 2011 Security Bulletin Release

Thursday, July 07, 2011

Hello all – This week we released a special Security Intelligence Reportthat showcases some of the data we amassed in the wake of the big Rustock botnet takedown in the spring of 2010. The new SIR also delves into the diplomacy, secrecy and intellectual property law that all played important roles in the successful international effort that led to the takedown of the Rustock botnet on March 16.

• ANS
• Microsoft Office
• Microsoft Windows

Q&A from June 2011 Security Bulletin Webcast

Saturday, June 18, 2011

Hello, Today we published the June Security Bulletin Webcast Questions & Answers page. We fielded fifteen questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There were two questions during the webcast that we were unable to answer, and we have included those questions and answers on the Q&A page.

Autorun-Related Malware Declines and the June 2011 Security Bulletin Release

Tuesday, June 14, 2011

Hello there. First off, I’d like to share some news regarding the updates we made to the Autorun feature in Security Advisory 967940, which we released in February 2011. The advisory made changes to how Autorun handles “non-shiny” media (eg., USB thumb drives). The change was expected to make a significant difference to infection rates by malware that uses Autorun to propagate, and we’ve been monitoring those rates ever since.

• Internet Explorer (IE)
• Malicious Software Removal Tool (MSRT)
• Security Bulletin
• Security bulletin release
• Security Update

June Advance Notification Service and 10 Immutable Laws Revisited

Thursday, June 09, 2011

Before we get into this month’s release, we wanted to alert you to updates to a document that’s been central to much of how Microsoft thinks about security. Ten years ago, Microsoft penned the “Ten Immutable Laws of Security,” which debuted on TechNet. It was written before the rise of – among other technologies and trends – cloud computing, social networking, widespread smartphone adoption, and Windows XP, to name but a few landmarks along the way.

• ANS
• Internet Explorer (IE)
• Monthly bulletin release
• Security
• Security Bulletin

MS11-018 re-released for IE7 on Windows XP and Server 2003

Monday, May 16, 2011

Hello, Today we re-released MS11-018. If you are using Internet Explorer 7 on supported editions of Windows XP and Windows Server 2003 you may be offered this re-release. For more details, please see the security bulletin, MS11-018. Thank you, Pete Voss Sr. Response Communications Manager Microsoft Trustworthy Computing

Q&A from May 2011 Security Bulletin Webcast

Thursday, May 12, 2011

Hello, Today we published the May Security Bulletin Webcast Questions & Answers page. We fielded twelve questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.

• Exploitability
• Malicious Software Removal Tool (MSRT)
• Microsoft Office
• Monthly bulletin release
• Security
• Security Bulletin
• Security bulletin release
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A
• Webcast Q&A

May 2011 Security Bulletin Release

Tuesday, May 10, 2011

Hello everyone, Pete Voss here again, and as I previously mentioned in the Advanced Notification on Thursday, today we are releasing two bulletins to help protect customers. The bulletins address a Critical vulnerability in Microsoft Windows and two Important vulnerabilities in Microsoft Office. MS11-035 is the sole Critical bulletin this month, and we recommend customers prioritize this bulletin.

Exploitability Index Improvements & Advance Notification Service for May 2011 Bulletin Release

Thursday, May 05, 2011

Hello everyone, Today we are announcing changes to Microsoft’s Exploitability Index. Since October 2008, we have used the Exploitability Index to provide customers with valuable exploitability analysis for our security bulletins, and starting Tuesday this information will become even more comprehensive for those who use Microsoft’s latest platforms. The Exploitability Index assesses the likelihood of functional exploit code being developed for a particular vulnerability.

• Announcements
• ANS
• Exploitability
• Exploitability Index
• Monthly bulletin release
• Security
• Security Bulletin
• Security bulletin release
• Security Update

Exploitability Index Improvements Now Offer Additional Guidance

Thursday, May 05, 2011

Exploitability Index Improvements Now Offer Additional Guidance In October of 2008, Microsoft published its first Exploitability Index: a rating system that helps customers identify the likelihood that a specific vulnerability would be exploited within the first 30 days after bulletin release. As of this month, we are making some changes to the rating system to make vulnerability assessment more clear and digestible for customers.

• Exploitability
• Exploitability Index
• Monthly bulletin release
• Security
• Vulnerability

Coordinated Vulnerability Disclosure: From Philosophy to Practice

Tuesday, April 19, 2011

Last summer at the Black Hat security conference, we announced a philosophical shift in how we refer to vulnerability disclosure, called “Coordinated Vulnerability Disclosure” (CVD). Our intent was to focus on how coordination and collaboration are required to resolve security issues in a way that minimizes risk and disruption for customers.

• CVD