MSRC

Announcing Coordinated Vulnerability Disclosure

Thursday, July 22, 2010

Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of “Responsible Disclosure” to “Coordinated Vulnerability Disclosure.” In recognition of the endless debate between responsible disclosure and full disclosure proponents and its ability to detract from meaningful and productive industry collaboration and customer defense, we believe that the community mindset needs to shift, framing a key point - that coordination and collaboration are required to resolve issues in a way that minimizes risk and disruption for customers.

Black Hat 2010

Thursday, July 22, 2010

Next week, many of us here will be heading down to Las Vegas for Black Hat. The MSRC, and other teams in Microsoft, have been attending Black Hat for years. In fact, we’ve been sponsoring the show for the last eight years, the last five as a platinum sponsor. Some might ask why?

July 2010 Security Bulletin Webcast

Wednesday, July 21, 2010

Hi, during the July 2010 webcast, we fielded questions varying from the re-release of MS10-024 to answers for the error messages received during the application of MS10-041 and more. Click here to review the full Q&A page so you can see all of the answers that were provided for these and the other great questions from the July webcast.

Security Advisory 2286198 Updated

Tuesday, July 20, 2010

We’ve just updated Microsoft Security Advisory 2286198 to let customers know that we now have an automated “Fix It” available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary, running the “Fix It” can help prevent attacks attempting to exploit this vulnerability.

Security Advisory 2286198 Released

Friday, July 16, 2010

Hi everyone, we have released Security Advisory 2286198, which addresses a publicly reported vulnerability in Windows Shell. Microsoft has found that this vulnerability is most likely to be exploited through removable drives. Currently, we have seen only limited, targeted attacks on this vulnerability. In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware, a threat family already known to the Microsoft Malware Protection Center.

July 2010 Security Bulletin Release

Tuesday, July 13, 2010

Hi everyone. As part of our usual monthly update cycle, today Microsoft is releasing four security bulletins to address five vulnerabilities in Windows and Microsoft Office. MS10-042 resolves a publicly disclosed and actively exploited vulnerability discussed in Security Advisory 2219475. The update addresses an issue in the Windows Help and Support Center feature included in Windows XP and Windows Server 2003.

July 2010 Bulletin Release Advance Notification

Thursday, July 08, 2010

Hi everyone. Today we’re releasing our advance notification for the July security bulletin release, which is scheduled for Tuesday, July 13. This month’s release includes four bulletins addressing five vulnerabilities. Two bulletins, both with a severity rating of Critical, affect Windows. Two of the bulletins affect Microsoft Office; of those, one carries a Critical severity rating and one is rated Important.

Monthly Security Bulletin Webcast Q&A - June 2010

Friday, June 11, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead; Jerry Bryant, Group Manager, Response Communications
Website: TechNet/security
Chat Topic: June 2010 Security Bulletin Release
Date: Tuesday, June 8, 2010

Q: The .NET updates are only a security update, correct? Not a service pack or rollup, right?
A: The June Security Bulletin release had one security bulletin, MS10-041, for the .

Security Advisory 2219475 Released

Thursday, June 10, 2010

Hello - We have released Security Advisory 2219475, addressing the vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. We are not aware of any active attacks at this time. Customers running Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not vulnerable to this issue or at risk of attack.