Aggregator

皆さんこんにちは。今日は、2012 年上半期の脅威の動向をまとめた「マイクロソフト セキュリティ インテリ

Security Updates Today we released six security bulletins to help protect our customers - four Critical, one Important, and one Moderate – addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel. For those who need to prioritize deployment, we recommend focusing on these two Critical updates first:

Security Updates Today we released six security bulletins to help protect our customers - four Critical, one Important, and one Moderate – addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel. For those who need to prioritize deployment, we recommend focusing on these two Critical updates first:

Today we’re providing advance notification of the release of seven bulletins, one Critical and six Important, which address 20 vulnerabilities for October 2012. The Critical bulletin addresses vulnerabilities in Microsoft Word. The six Important-rated bulletins will address issues in Windows, Microsoft Office, and SQL Server. This release will also address the issue in FAST Search Server first described in Security Advisory 2737111.

Today we’re providing advance notification of the release of seven bulletins, one Critical and six Important, which address 20 vulnerabilities for October 2012. The Critical bulletin addresses vulnerabilities in Microsoft Word. The six Important-rated bulletins will address issues in Windows, Microsoft Office, and SQL Server. This release will also address the issue in FAST Search Server first described in Security Advisory 2737111.

Hello, Today we published the September Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded thirteen questions, focusing primarily on MS12-061, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Security Advisory 2736233, addressing Update Rollup for ActiveX Kill Bits. We have the slide deck from the webcast available for on-demand viewing as well.

Hello, Today we published the September Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded thirteen questions, focusing primarily on MS12-061, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Security Advisory 2736233, addressing Update Rollup for ActiveX Kill Bits. We have the slide deck from the webcast available for on-demand viewing as well.

Hello, Today we published the June Security Bulletin Webcast Questions & Answers page, and the June 2012 Security Bulletin Release Webcast slide deck. We fielded 23 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Our webcast from Wednesday is now available for on-demand viewing.

Hello, Today we published the June Security Bulletin Webcast Questions & Answers page, and the June 2012 Security Bulletin Release Webcast slide deck. We fielded 23 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. Our webcast from Wednesday is now available for on-demand viewing.

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.

2012/06/19 17:00 : 「Flame への対策」セクションに、失効した証明書を自動で処理する更新プログラム (KB2677070) の記載を追加

2012/06/19 17:00 : 「Flame への対策」セクションに、失効した証明書を自動で処理する更新プログラム (KB2677070) の記載を追加

Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.

Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.

Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.