Sunday, July 26, 2009
Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run Hey! It’s that time of year again for all of us to pack up and head out to the desert to reconnect, discuss, and plan for the future, or at least what we think will be the future of security.
Friday, July 24, 2009
We have just published our advance notification for an out-of-band security bulletin release, with a target of 10:00 AM Pacific Time next Tuesday, July 28, 2009. While this release is to address a single, overall issue, in order to provide the broadest protections possible to customers, we’ll be releasing two separate security bulletins:
Wednesday, July 15, 2009
Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components). There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed the Fix it workaround in the advisory, do I need to uninstall it before installing the update in the bulletin?
Tuesday, July 14, 2009
Summary of Microsoft’s monthly security bulletin release for July 2009. This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days.
Wednesday, July 08, 2009
Advance Notification for the July 2009 Security Bulletin Release Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of: · Three Critical updates affecting Windows. · One Important update affecting Publisher.
Friday, June 12, 2009
During the security bulletin webcast for June 2009, we answered a wide array of questions around the 10 bulletins we released. Of primary interest to customers, based on the number of questions we received on the topic, is the RPC issue addressed by MS09-026. As this issue affects third party products that utilize RPC in Windows, customers wanted to know if there is a way to tell if their third party product was vulnerable.
Tuesday, June 09, 2009
Summary of Microsoft’s monthly security bulletin release for June 2009. Today we released 10 new security bulletins. 6 of those affect Windows with two rated as critical, three rated as important and one as moderate. The remaining four all have an aggregate rating of critical and affect Internet Explorer, Microsoft Office Word, Microsoft Office Excel and Microsoft Works Converters.
Friday, May 15, 2009
In the May 2009 security bulletin webcast, we addressed several questions relating to MS09-017 in addition to questions about WSUS and MBSA. For those questions that came in after we concluded the webcast, we have provided answers in the published Q&A which you can find here: http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-May-2009.aspx Also, here is the link to the Q&A index page in case you want to view previous months:
Tuesday, May 12, 2009
Summary of Microsoft’s monthly security bulletin release for May 2009. Today we released one security bulletin, MS09-017, affecting our PowerPoint products. This update addresses several vulnerabilities including the issue described in Microsoft Security Advisory 969136. In that advisory, we noted that we were aware of limited, targeted attacks. The security of our customers is important to us and due to these active attacks, we have released the updates for one product line (all versions of Microsoft Office for Windows) so that the majority of our customers can protect their systems.
Tuesday, April 14, 2009
Here I am again writing on MS BlueHat blog, this time about Token Kidnapping. The first time I talked about Token kidnapping was a long time ago and now after a year the issues detailed in the presentation are finally fixed. Let’s see what happened. Before the first public Token Kidnapping presentation I talked to MS about the topics it included, I mentioned that there were design issues and that some issues were already known.
