Aggregator

Hello, Today we published the June Security Bulletin Webcast Questions & Answers page, and the June 2012 Security Bulletin Release Webcast slide deck. We fielded 23 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Our webcast from Wednesday is now available for on-demand viewing.

Hello, Today we published the June Security Bulletin Webcast Questions & Answers page, and the June 2012 Security Bulletin Release Webcast slide deck. We fielded 23 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Our webcast from Wednesday is now available for on-demand viewing.

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.

2012/06/19 17:00 : 「Flame への対策」セクションに、失効した証明書を自動で処理する更新プログラム (KB2677070) の記載を追加

2012/06/19 17:00 : 「Flame への対策」セクションに、失効した証明書を自動で処理する更新プログラム (KB2677070) の記載を追加

Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.

Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.

Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.

Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.

With the era of freely available IPv4 addresses nearing its end, I'm pleased to see that 2012 appears to be the year when the IPv6 Internet will finally reach maturity and launch into wide-scale commercial use. For over a decade, the groundwork for the migration to version 6 of the Internet Protocol (IPv6) has been built, with changes to operating systems, client and server software, routers, and Internet backbone networks. To-date, however, the availability of IPv6 content and end-users has remained slim with few Web sites being available over IPv6 and with just over 0.5% of global Internet users having IPv6 connectivity that their machines will elect to use.

As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF) format, for your examination and feedback. Today, ICASI released version 1.

As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF) format, for your examination and feedback. Today, ICASI released version 1.

Hello, Today we published the May Security Bulletin Webcast Questions & Answers page, and the May 2012 Security Bulletin Release Webcast slide deck. During the webcast, we fielded 8 questions on various topics, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, June 13 at 11am PDT (UTC -7), when we will go into detail about the June bulletin release and answer questions live on the air.

Hello, Today we published the May Security Bulletin Webcast Questions & Answers page, and the May 2012 Security Bulletin Release Webcast slide deck. During the webcast, we fielded 8 questions on various topics, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, June 13 at 11am PDT (UTC -7), when we will go into detail about the June bulletin release and answer questions live on the air.

Hello, Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging decisions that went into MS12-034. This is a particularly interesting case to dive into and will give readers a better appreciation for the bulletin management process here at Microsoft.

Hello, Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging decisions that went into MS12-034. This is a particularly interesting case to dive into and will give readers a better appreciation for the bulletin management process here at Microsoft.

Hello, Today we published the April Security Bulletin Webcast Questions & Answers page, and the slide deck presented in the webcast. We fielded 15 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, May 9 at 11am PDT (UTC -7), when we will go into detail about the May bulletin release and answer questions live on the air.