trustworthy computing

Today we're providing advanced notification on the release of nine bulletins, five Critical and four Important, for August 2012. The five Critical security bulletins are addressing ten vulnerabilities in Microsoft Windows, Internet Explorer, Exchange, SQL Server, Server Software, and Developer...

Minutes ago in Las Vegas at the Microsoft Researcher Appreciation Party, we completed the journey we set out on together at the 2011 Black Hat briefings. There, we asked the security research community to focus its talent and expertise on defense, to design and prototype novel runtime mitigation...

One year ago this week we challenged the security community to take an unconventional focus on defensive innovation. We called that challenge the Link Removed due to 404 Error, and tomorrow night, we will award the grand prize of $200,000 to one of the finalists - Jared DeMott, Ivan Fratric, or...

Hello – Today we published Security Advisory 2737111, which provides mitigations and workarounds that will help protect customers from a known vulnerability in one of Oracle’s Outside In libraries, which were updated earlier this month. Microsoft licenses the libraries from Oracle...

Hello, To mark the start of the 10-day countdown to the BlueHat Prize award ceremony, the MSRC Ecosystem Strategy Team is announcing the BlueHat Prize Question Sweepstakes that will give you a chance to win $5,000 at Black Hat this year! Be sure to check out the official announcement here and...

Today we published the Link Removed due to 404 Error, and the Link Removed due to 404 Error. We fielded 15 questions on various topics during the webcast, including bulletins and advisory details, deployment questions, and plans for later updates. We also received a question that we...

Hello, The judges have finished reviewing the submissions for the first BlueHat Prize contest and the finalists are in! Please visit Link Removed due to 404 Error for details on the three finalists and their entries that mitigate return-oriented programming (ROP). The finalists will collectively...

During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we've built a Fix it workaround that blocks the potential attack vector in...

Hello -- Today we’re releasing our advance notification for the June security bulletin release, which is scheduled for Tuesday, June 12. This month’s release includes 7 bulletins addressing 28 vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications...

Today, as a part of our continuing phased mitigation strategy recently discussed, we have initiated the additional hardening of Windows Update. We’ve also provided more information about the MD5 hash-collision attacks used by the Flame malware in the SRD blog. This information should help...

Hello, Today we published the Link Removed due to 404 Error, and the Link Removed due to 404 Error. During the webcast, we fielded 8 questions on various topics, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public...

Hello, As you know, today is Update Tuesday. Before I go into the bulletin details, however, I wanted to let you know that today we’re notifying customers that Windows XP and Office 2003 will go out of support in April 2014. We understand that preparing to deploy the latest versions of...

The entry window for the first annual BlueHat Prize closed at 11:59pm PDT on April 1. We've been eagerly awaiting a final entry count from the contest organizers, and senior security strategist Katie Moussouris has just posted that tally on the EcoStrat blog. Congratulations to all participants...

Nearly nine months after we announced the first annual Link Removed due to 404 Error competition for innovations in defensive security technologies, we’re just days away from the submission deadline. On the EcoStrat blog today, Senior Security Strategist Katie Moussouris gives a glimpse...

On March 15, we became aware of public proof-of-concept code that results in denial of service for the issue addressed by MS12-020, which we released Tuesday. We continue to watch the threat landscape and we are not aware of public proof-of-concept code that results in remote code execution...

Hello. Today we’re releasing our advance notification for the March security bulletin release, which is scheduled for Tuesday, March 13. This month’s release includes six bulletins addressing seven vulnerabilities in Microsoft Windows, Visual Studio, and Expression Design. As always...

Ever wondered where Update Tuesday bulletins come from, or what it’s like around Microsoft when a serious information-security situation arises? Or wondered who precisely is responsible for getting your monthly bulletin releases out the door? Update Tuesday, which brings us here today, is...

Hello. Today we’re releasing our advance notification for the February security bulletin release, which is scheduled for Tuesday, February 14. This month’s release includes nine bulletins addressing 21 vulnerabilities in Microsoft Windows, Office, Internet Explorer, and...

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft...

Hello. Today we’re releasing our advance notification for the January security bulletin release, which is scheduled for Tuesday, January 10. This month’s release includes seven bulletins addressing eight vulnerabilities in Microsoft Windows and Microsoft Developer Tools And Software...