Windows Security

Hello, Today we released Security Update MS11-100 to address the issue described in Security Advisory 2659883. The security update has a severity rating of Critical and resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework. Of note, the new method of hash collision attacks used to exploit this vulnerability is an industry-wide issue affecting various Web platforms, including ASP.View the full article

Hello, Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST. The bulletin has a severity rating of Critical and addresses a publicly disclosed vulnerability in ASP.View the full article

Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions of .NET Framework, however we recommend customers use the mitigation and workaround described in the Advisory to help protect sites against this new method to exploit hash tables.View the full article

Hello, Today we published the December Security Bulletin Webcast Questions & Answers page. We fielded six questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. For more details on this month’s bulletins, click here to view the slide deck used in the webcast. See below to view the webcast.View the full article

Hosts: Jonathan Ness, Security Development Manager, MSRC Jerry Bryant, Group Manager, Trustworthy Computing Communications Website: TechNet/Security ** Chat Topic: December 2011 Security Bulletin Release ** Date: Wednesday, December 14, 2011 ** Q: Some of my users had issues with text being deleted from Word documents. Is this an issue with the Office security bulletin**?View the full article

Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing 13 security bulletins, three of which are rated Critical in severity, and 10 Important. These bulletins will increase protection by addressing 19 unique vulnerabilities in Microsoft products. Customers should plan to install all of these updates as soon as possible.View the full article

Hi everyone – Mike Reavey here. Today, we’re releasing our December set of security updates. As we do every month, we’re providing a heads-up on what’s coming in this month’s release as well as offering links to more information so you can plan your deployment. However, since this is the last set of regular monthly security updates this year, I thought I’d take a minute to look back at some of the discoveries the MSRC made in the process of issuing the year’s bulletins.View the full article

Hello all. Before we look at next week’s bulletin release, we’d like to point out an update to our Microsoft Active Protections Program (MAPP) that should provide customers with greater transparency as to how MAPP partners use the information we share with them when we release security advisories. As you know, we work closely with our MAPP partners to share information on issues as they arise, thus extending protections to the greatest possible number of computers on the Internet.View the full article

Hi everyone, As a follow-up to Friday’s blog post, today we released Security Advisory 2641690 to notify customers that we revoked the trust of DigiCert Sdn.Bhd in an update that moves two Intermediate Certificate Authorities (CA) certificates to the Microsoft Untrusted Certificate Store. We made this decision after Entrust, Inc., a CA in the Microsoft Root Certificate Program, notified us that one of its subordinate CAs issued 22 certificates with weak 512 bit keys, a violation of Microsoft’s Root Certificate Program requirements.View the full article

Hello, On this November Update Tuesday, we’re recapping the BlueHat conference, which Microsoft hosted in Redmond last week. We are also releasing four security updates, so please read on for details. Microsoft hosted its 11th installment of the BlueHat conference Nov. 2-4. The event featured presentations from hand-picked security researchers about current and emerging security threats.View the full article

Hi everyone, This post is to notify customers that Microsoft will revoke trust in an Intermediate Certificate Authority, DigiCert Sdn. Bhd. (Digicert Malaysia) in an update to be released through Windows Update. DigiCert Sdn. Bhd is a Malaysian subordinate CA under Entrust and Verizon (GTE CyberTrust). There is no relationship between DigiCert Malaysia and DigiCert Inc.View the full article

Hi everyone, Today we released Security Advisory 2639568 to provide customer guidance for the Windows kernel issue related to the Duqu malware. I would like to provide you information on how to protect your system(s), how we are addressing the issue, and insight into our threat landscape monitoring capabilities. The security advisory provides a workaround that can be applied to any Windows system.View the full article

Hello, As we do each month, we’re providing advance notification on the release of four security bulletins, one Critical, two Important, and one Moderate, to address four CVEs in Windows. As usual, the bulletin release is scheduled for the second Tuesday of the month, Nov. 8, at approximately 10 a.m. PT.View the full article

Hello, Today we published the October Security Bulletin Webcast Questions & Answers page. We fielded eight questions across all bulletins. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, November 9th at 11am PDT (UTC -7), when we will go into detail about the November bulletin release and answer questions live on the air.View the full article

Hello, On this October Update Tuesday, we are releasing the 11th volume of the Security Intelligence Report, SIRv11, which puts zero-day vulnerabilities into context against other global threats. We are also releasing eight security updates so please read on for details. A new method of analyzing malware distribution indicates that in the first half of 2011 zero-day issues account for a very small percentage of actual infections.View the full article