trustworthy computing

On behalf of all of us here at Microsoft, I’d like to wish everyone a very happy New Year! With 2013 starting on a Tuesday, our monthly bulletin release is upon us a bit earlier than usual. Next Tuesday we’ll release seven bulletins; two Critical and five Important, which address...

Hello, Today we’re publishing the Link Removed. During the webcast, we fielded five questions focusing primarily on Microsoft Word and the Office compatibility pack in Link Removed. All questions are included on the Q&A page. We invite our customers to join us for the next public webcast...

Happy holidays! I hope everyone is enjoying the festive season. I like to get my holiday shopping done early, and this year was no exception. In the middle of my holiday shopping last week, as I passed my cash from one store to the next, I was reminded of “Pass-the-Hash.” (My mind...

Hello, Today we’re publishing the Link Removed - Invalid URL. During the webcast, we fielded ten questions focusing primarily Windows RT, Windows 8, and Windows Server 2012 detection and deployment, MS12-072 (Windows Shell), and MS12-073 (IIS). All questions are included on the Q&A page...

Some of you may have noticed us improving our defense-in-depth practices for bulletins by supplying sha1 and sha2 hashes in the Knowledge Base (KB) articles. This has been most visible in the KB with the addition of the “File hash information” section, but it is also noted in the...

Today, we’re providing advance notification for six bulletins to help protect customers against 19 CVEs. The four Critical-rated updates will address 13 vulnerabilities in Microsoft Windows, Internet Explorer and the .NET Framework. One bulletin rated Important will address four...

Hello, Today we published the Link Removed due to 404 Error. During the webcast, we fielded five questions focusing primarily on Link Removed addressing trust certificates with RSA keys less than 1024 bit key lengths. One additional question was answered after the webcast. All questions are...

Today we’re providing advance notification of the release of seven bulletins, one Critical and six Important, for October 2012. The Critical bulletin addresses vulnerabilities in Microsoft Word. The six Important-rated bulletins will address issues in Windows, Microsoft Office, and SQL...

Hello. Today we’re publishing the Link Removed due to 404 Error. During the webcast, we fielded 19 questions. Those were focused on MS12-063, the out-of-band cumulative release for Internet Explorer, and Link Removed, which involves an issue with the Adobe Flash Player implementation for...

Today we released Security Update MS12-063 to address limited attacks against a small number of computers through a vulnerability in Internet Explorer versions 9 and earlier. The majority of customers have automatic updates enabled and will not need to take any action because protections will be...

Hello, Today we published the Link Removed due to 404 Error. During the webcast, we fielded thirteen questions, focusing primarily on Link Removed due to 404 Error, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Link Removed due to...

As I previously mentioned in the Advance Notification blog on Thursday, today we are releasing two security bulletins, both of which are rated Important. These bulletins will increase protection by addressing two unique vulnerabilities in the following Microsoft products: MS12-061 (Visual...

Today, we published Security Advisory 2743314, which provides guidance that will help protect customers from a technique that could allow a man-in-the middle attack to obtain a user’s domain credentials when VPN is configured to use PPTP and MSCHAPv2. Customers concerned with this...

Hello. Today we’re publishing the Link Removed due to 404 Error. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls, MS12-052 regarding Internet Explorer, and Link Removed addressing trust certificates with RSA keys less than...

Today we're providing advanced notification on the release of nine bulletins, five Critical and four Important, for August 2012. The five Critical security bulletins are addressing ten vulnerabilities in Microsoft Windows, Internet Explorer, Exchange, SQL Server, Server Software, and Developer...

Minutes ago in Las Vegas at the Microsoft Researcher Appreciation Party, we completed the journey we set out on together at the 2011 Black Hat briefings. There, we asked the security research community to focus its talent and expertise on defense, to design and prototype novel runtime mitigation...

One year ago this week we challenged the security community to take an unconventional focus on defensive innovation. We called that challenge the Link Removed due to 404 Error, and tomorrow night, we will award the grand prize of $200,000 to one of the finalists - Jared DeMott, Ivan Fratric, or...

Hello – Today we published Security Advisory 2737111, which provides mitigations and workarounds that will help protect customers from a known vulnerability in one of Oracle’s Outside In libraries, which were updated earlier this month. Microsoft licenses the libraries from Oracle...

Hello, To mark the start of the 10-day countdown to the BlueHat Prize award ceremony, the MSRC Ecosystem Strategy Team is announcing the BlueHat Prize Question Sweepstakes that will give you a chance to win $5,000 at Black Hat this year! Be sure to check out the official announcement here and...

Today we published the Link Removed due to 404 Error, and the Link Removed due to 404 Error. We fielded 15 questions on various topics during the webcast, including bulletins and advisory details, deployment questions, and plans for later updates. We also received a question that we...