Aggregator

Today we’re providing advance notification of the release of seven bulletins, one Critical and six Important, which address 20 vulnerabilities for October 2012. The Critical bulletin addresses vulnerabilities in Microsoft Word. The six Important-rated bulletins will address issues in Windows, Microsoft Office, and SQL Server. This release will also address the issue in FAST Search Server first described in Security Advisory 2737111.

Today we’re providing advance notification of the release of seven bulletins, one Critical and six Important, which address 20 vulnerabilities for October 2012. The Critical bulletin addresses vulnerabilities in Microsoft Word. The six Important-rated bulletins will address issues in Windows, Microsoft Office, and SQL Server. This release will also address the issue in FAST Search Server first described in Security Advisory 2737111.

Hello, Today we published the September Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded thirteen questions, focusing primarily on MS12-061, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Security Advisory 2736233, addressing Update Rollup for ActiveX Kill Bits. We have the slide deck from the webcast available for on-demand viewing as well.

Hello, Today we published the September Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded thirteen questions, focusing primarily on MS12-061, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Security Advisory 2736233, addressing Update Rollup for ActiveX Kill Bits. We have the slide deck from the webcast available for on-demand viewing as well.

Hello, Today we published the June Security Bulletin Webcast Questions & Answers page, and the June 2012 Security Bulletin Release Webcast slide deck. We fielded 23 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Our webcast from Wednesday is now available for on-demand viewing.

Hello, Today we published the June Security Bulletin Webcast Questions & Answers page, and the June 2012 Security Bulletin Release Webcast slide deck. We fielded 23 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Our webcast from Wednesday is now available for on-demand viewing.

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.

2012/06/19 17:00 : 「Flame への対策」セクションに、失効した証明書を自動で処理する更新プログラム (KB2677070) の記載を追加

2012/06/19 17:00 : 「Flame への対策」セクションに、失効した証明書を自動で処理する更新プログラム (KB2677070) の記載を追加

Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.

Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.

Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.

Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.

With the era of freely available IPv4 addresses nearing its end, I'm pleased to see that 2012 appears to be the year when the IPv6 Internet will finally reach maturity and launch into wide-scale commercial use. For over a decade, the groundwork for the migration to version 6 of the Internet Protocol (IPv6) has been built, with changes to operating systems, client and server software, routers, and Internet backbone networks. To-date, however, the availability of IPv6 content and end-users has remained slim with few Web sites being available over IPv6 and with just over 0.5% of global Internet users having IPv6 connectivity that their machines will elect to use.

As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF) format, for your examination and feedback. Today, ICASI released version 1.