Tuesday, August 10, 2010
Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments: MS10-052 This bulletin resolves a privately reported vulnerability in Microsoft’s MPEG Layer-3 audio codecs.
Tuesday, August 10, 2010
Hi everyone, Yesterday we tweeted to let customers know that we were investigating a publicly disclosed vulnerability in the Windows Kernel-mode drivers (win32k.sys) affecting all supported operating systems. We are not aware of attacks that try to use the reported vulnerability or of any customer impact at this time. Today we have more information, as well as a planned course of action.
Thursday, August 05, 2010
Hello; I’m Angela Gunn and I’m new to the Response Communications team. Today we’re releasing our advance notification for the August security bulletin release, which is scheduled for Tuesday, August 10. This month’s release is composed of 14 bulletins addressing 34 vulnerabilities in Windows, Microsoft Office, Internet Explorer, SQLMSXML, and Silverlight.
Tuesday, August 03, 2010
Hello - During today’s webcast our team of technical experts answered over fifty questions regarding the August 2010 Out-of-Band Security Release update questions. Click hereto review the entire list of questions and answers from today’s Out-of-Band webcast Q&A page. Also, here is the link to the Q&A index page for your review - in case you wanted to view any of the past 12 webcast Q&A’s.
Monday, August 02, 2010
Hello, As we announced on Friday, today we released Security Bulletin MS10-046 out-of-band to address a vulnerability in Windows. This security update addresses a vulnerability in the handling of shortcuts that affects all currently supported versions of Windows XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. As our colleagues over in the MMPC have noted, several families of malware have been attempting to attack this vulnerability.
Thursday, July 29, 2010
Today we’re announcing plans to release a security update to address the vulnerability discussed in Security Advisory 2286198 on Monday, August 2, 2010 at or around 10 AM PDT. We are releasing the bulletin as we’ve completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers.
Wednesday, July 28, 2010
Two years ago, in front of a standing-room only crowd here at Black Hat, we introduced three new information sharing programs as well as the concept of Community-Based Defense. The underlying concept shared by all three programs was simple-collaboration will be key to preventing and defending against online crime going forward; no one company, individual or technology can do it alone.
Thursday, July 22, 2010
Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of “Responsible Disclosure” to “Coordinated Vulnerability Disclosure.” In recognition of the endless debate between responsible disclosure and full disclosure proponents and its ability to detract from meaningful and productive industry collaboration and customer defense, we believe that the community mindset needs to shift, framing a key point - that coordination and collaboration are required to resolve issues in a way that minimizes risk and disruption for customers.
Thursday, July 22, 2010
BH Landscape Next week, many of us here will be heading down to Las Vegas for Black Hat. The MSRC, and other teams in Microsoft, have been attending Black Hat for years. In fact, we’ve been sponsoring the show for the last eight years-the last five as a platinum sponsor. Some might ask why?
Wednesday, July 21, 2010
Hi, During the July 2010 webcast, we fielded questions varying from the re-release of MS10-024 to answers for the error messages received during the application of MS10-041 and more. Click hereto review the full Q&A page so you can see all of the answers that were provided for these and the other great questions from the July webcast.
