trustworthy computing

  1. Evolving Response and the March 2013 Bulletin Release

    As my career in security response has grown over the years, I am often reminded of the words of Italian author Giuseppe Tomasi Di Lampedusa, who stated, “If we want everything to remain as it is, it will be necessary for everything to change.” There are some things that we wish to...
  2. Baseball, Bulletins and the February 2013 Release

    Before we discuss this month’s release, I wanted to briefly touch on the big event happening this week. No, I’m not talking about the romantically-themed holiday on Thursday. I’m talking about the start of spring training and the return of baseball. There are a few things I am...
  3. Advance Notification Service for the February 2013 Security Bulletin Release

    We’re kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address...
  4. January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the Link Removed. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join...
  5. Advance Notification for Update to Address Security Advisory 2794220

    Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers...
  6. January 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the Link Removed. During the webcast, we fielded 12 questions focusing primarily on the Print Spooler (Link Removed) and .NET Framework (Link Removed) updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled...
  7. Predictions and the January 2013 Bulletin Release

    At the end of each year, some folks take a moment to jot down predictions about what the coming year has in store. I, on the other hand, do not do predictions. I am neither prognosticator, seer, fortune teller, prophet, clairvoyant, soothsayer, nor medium; although I have been accused of being a...
  8. Advance Notification Service for the January 2013 Security Bulletin Release

    On behalf of all of us here at Microsoft, I’d like to wish everyone a very happy New Year! With 2013 starting on a Tuesday, our monthly bulletin release is upon us a bit earlier than usual. Next Tuesday we’ll release seven bulletins; two Critical and five Important, which address...
  9. December 2012 Security Bulletin Webcast, Q&A, and Slide Deck

    Hello, Today we’re publishing the Link Removed. During the webcast, we fielded five questions focusing primarily on Microsoft Word and the Office compatibility pack in Link Removed. All questions are included on the Q&A page. We invite our customers to join us for the next public webcast...
  10. It’s That Time of Year, For the December 2012 Bulletin Release

    Happy holidays! I hope everyone is enjoying the festive season. I like to get my holiday shopping done early, and this year was no exception. In the middle of my holiday shopping last week, as I passed my cash from one store to the next, I was reminded of “Pass-the-Hash.” (My mind...
  11. November 2012 Security Bulletin Webcast, Q&A, and Slide Deck

    Hello, Today we’re publishing the Link Removed - Invalid URL. During the webcast, we fielded ten questions focusing primarily Windows RT, Windows 8, and Windows Server 2012 detection and deployment, MS12-072 (Windows Shell), and MS12-073 (IIS). All questions are included on the Q&A page...
  12. Verifying update hashes

    Some of you may have noticed us improving our defense-in-depth practices for bulletins by supplying sha1 and sha2 hashes in the Knowledge Base (KB) articles. This has been most visible in the KB with the addition of the “File hash information” section, but it is also noted in the...
  13. October 2012 Security Bulletin Webcast, Q&A, and Slide Deck

    Hello, Today we published the Link Removed due to 404 Error. During the webcast, we fielded five questions focusing primarily on Link Removed addressing trust certificates with RSA keys less than 1024 bit key lengths. One additional question was answered after the webcast. All questions are...
  14. Advance Notification Service for October 2012 Security Bulletin Release

    Today we’re providing advance notification of the release of seven bulletins, one Critical and six Important, for October 2012. The Critical bulletin addresses vulnerabilities in Microsoft Word. The six Important-rated bulletins will address issues in Windows, Microsoft Office, and SQL...
  15. September 2012 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

    Hello. Today we’re publishing the Link Removed due to 404 Error. During the webcast, we fielded 19 questions. Those were focused on MS12-063, the out-of-band cumulative release for Internet Explorer, and Link Removed, which involves an issue with the Adobe Flash Player implementation for...
  16. Microsoft releases MS12-063 – Cumulative Security Update for Internet Explorer

    Today we released Security Update MS12-063 to address limited attacks against a small number of computers through a vulnerability in Internet Explorer versions 9 and earlier. The majority of customers have automatic updates enabled and will not need to take any action because protections will be...
  17. September 2012 Security Bulletin Webcast, Q&A, and Slide Deck

    Hello, Today we published the Link Removed due to 404 Error. During the webcast, we fielded thirteen questions, focusing primarily on Link Removed due to 404 Error, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Link Removed due to...
  18. Update Tuesday overview for September 2012

    As I previously mentioned in the Advance Notification blog on Thursday, today we are releasing two security bulletins, both of which are rated Important. These bulletins will increase protection by addressing two unique vulnerabilities in the following Microsoft products: MS12-061 (Visual...
  19. Security Advisory 2743314 released

    Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2. Customers concerned with this...
  20. August 2012 Security Bulletin Webcast, Q&A, and Slide Deck

    Hello. Today we’re publishing the Link Removed due to 404 Error. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls, MS12-052 regarding Internet Explorer, and Link Removed addressing trust certificates with RSA keys less than...