trustworthy computing

As my career in security response has grown over the years, I am often reminded of the words of Italian author Giuseppe Tomasi Di Lampedusa, who stated, “If we want everything to remain as it is, it will be necessary for everything to change.” There are some things that we wish to...

Before we discuss this month’s release, I wanted to briefly touch on the big event happening this week. No, I’m not talking about the romantically-themed holiday on Thursday. I’m talking about the start of spring training and the return of baseball. There are a few things I am...

We’re kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address...

Today we’re publishing the Link Removed. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join...

Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers...

Today we’re publishing the Link Removed. During the webcast, we fielded 12 questions focusing primarily on the Print Spooler (Link Removed) and .NET Framework (Link Removed) updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled...

At the end of each year, some folks take a moment to jot down predictions about what the coming year has in store. I, on the other hand, do not do predictions. I am neither prognosticator, seer, fortune teller, prophet, clairvoyant, soothsayer, nor medium; although I have been accused of being a...

On behalf of all of us here at Microsoft, I’d like to wish everyone a very happy New Year! With 2013 starting on a Tuesday, our monthly bulletin release is upon us a bit earlier than usual. Next Tuesday we’ll release seven bulletins; two Critical and five Important, which address...

Hello, Today we’re publishing the Link Removed. During the webcast, we fielded five questions focusing primarily on Microsoft Word and the Office compatibility pack in Link Removed. All questions are included on the Q&A page. We invite our customers to join us for the next public webcast...

Happy holidays! I hope everyone is enjoying the festive season. I like to get my holiday shopping done early, and this year was no exception. In the middle of my holiday shopping last week, as I passed my cash from one store to the next, I was reminded of “Pass-the-Hash.” (My mind...

Hello, Today we’re publishing the Link Removed - Invalid URL. During the webcast, we fielded ten questions focusing primarily Windows RT, Windows 8, and Windows Server 2012 detection and deployment, MS12-072 (Windows Shell), and MS12-073 (IIS). All questions are included on the Q&A page...

Some of you may have noticed us improving our defense-in-depth practices for bulletins by supplying sha1 and sha2 hashes in the Knowledge Base (KB) articles. This has been most visible in the KB with the addition of the “File hash information” section, but it is also noted in the...

Hello, Today we published the Link Removed due to 404 Error. During the webcast, we fielded five questions focusing primarily on Link Removed addressing trust certificates with RSA keys less than 1024 bit key lengths. One additional question was answered after the webcast. All questions are...

Today we’re providing advance notification of the release of seven bulletins, one Critical and six Important, for October 2012. The Critical bulletin addresses vulnerabilities in Microsoft Word. The six Important-rated bulletins will address issues in Windows, Microsoft Office, and SQL...

Hello. Today we’re publishing the Link Removed due to 404 Error. During the webcast, we fielded 19 questions. Those were focused on MS12-063, the out-of-band cumulative release for Internet Explorer, and Link Removed, which involves an issue with the Adobe Flash Player implementation for...

Today we released Security Update MS12-063 to address limited attacks against a small number of computers through a vulnerability in Internet Explorer versions 9 and earlier. The majority of customers have automatic updates enabled and will not need to take any action because protections will be...

Hello, Today we published the Link Removed due to 404 Error. During the webcast, we fielded thirteen questions, focusing primarily on Link Removed due to 404 Error, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Link Removed due to...

As I previously mentioned in the Advance Notification blog on Thursday, today we are releasing two security bulletins, both of which are rated Important. These bulletins will increase protection by addressing two unique vulnerabilities in the following Microsoft products: MS12-061 (Visual...

Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2. Customers concerned with this...

Hello. Today we’re publishing the Link Removed due to 404 Error. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls, MS12-052 regarding Internet Explorer, and Link Removed addressing trust certificates with RSA keys less than...