Aggregator
September 2012 Security Bulletin Webcast, Q&A, and Slide Deck
12 years 2 months ago
Hello,
Today we published the September Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded thirteen questions, focusing primarily on MS12-061, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Security Advisory 2736233, addressing Update Rollup for ActiveX Kill Bits. We have the slide deck from the webcast available for on-demand viewing as well.
September 2012 Security Bulletin Webcast, Q&A, and Slide Deck
12 years 2 months ago
Hello,
Today we published the September Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded thirteen questions, focusing primarily on MS12-061, covering Visual Studio Team Foundation Server; MS12-062, affecting System Center Configuration Manager; and Security Advisory 2736233, addressing Update Rollup for ActiveX Kill Bits. We have the slide deck from the webcast available for on-demand viewing as well.
Stripe CTF 2.0 (Web Edition)
12 years 2 months ago
g0tmi1k
June 2012 Security Bulletin Webcast, Q&A, and Slide Deck
12 years 5 months ago
Hello,
Today we published the June Security Bulletin Webcast Questions & Answers page, and the June 2012 Security Bulletin Release Webcast slide deck. We fielded 23 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools.
Our webcast from Wednesday is now available for on-demand viewing.
June 2012 Security Bulletin Webcast, Q&A, and Slide Deck
12 years 5 months ago
Hello,
Today we published the June Security Bulletin Webcast Questions & Answers page, and the June 2012 Security Bulletin Release Webcast slide deck. We fielded 23 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools.
Our webcast from Wednesday is now available for on-demand viewing.
Certificate Trust List update and the June 2012 bulletins
12 years 5 months ago
For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.
Certificate Trust List update and the June 2012 bulletins
12 years 5 months ago
For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 26 unique CVEs to further improve the security postures of Microsoft Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the Microsoft .NET Framework. In addition to the security bulletins, we are releasing an automatic updater feature for Windows Vista and Windows 7 untrusted certificates.
セキュリティ アドバイザリ 2718704: Flame の攻撃と WU の強化
12 years 5 months ago
2012/06/19 17:00 : 「Flame への対策」セクションに、失効した証明書を自動で処理する更新プログラム (KB2677070) の記載を追加
セキュリティ アドバイザリ 2718704: Flame の攻撃と WU の強化
12 years 5 months ago
2012/06/19 17:00 : 「Flame への対策」セクションに、失効した証明書を自動で処理する更新プログラム (KB2677070) の記載を追加
Flame malware collision attack explained
12 years 5 months ago
Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.
Flame malware collision attack explained
12 years 5 months ago
Since our last MSRC blog post, we’ve received questions on the nature of the cryptographic attack we saw in the complex, targeted malware known as Flame. This blog summarizes what our research revealed and why we made the decision to release Security Advisory 2718704 on Sunday night PDT. In short, by default the attacker’s certificate would not work on Windows Vista or more recent versions of Windows.
Microsoft certification authority signing certificates added to the Untrusted Certificate Store
12 years 5 months ago
Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.
Microsoft certification authority signing certificates added to the Untrusted Certificate Store
12 years 5 months ago
Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.
Launching Forward with IPv6
12 years 5 months ago
With the era of freely available IPv4 addresses nearing its end, I'm pleased to see that 2012 appears to be the year when the IPv6 Internet will finally reach maturity and launch into wide-scale commercial use. For over a decade, the groundwork for the migration to version 6 of the Internet Protocol (IPv6) has been built, with changes to operating systems, client and server software, routers, and Internet backbone networks. To-date, however, the availability of IPv6 content and end-users has remained slim with few Web sites being available over IPv6 and with just over 0.5% of global Internet users having IPv6 connectivity that their machines will elect to use.
Erik Nygren
Microsoft security updates and the Common Vulnerability Reporting Framework
12 years 6 months ago
As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF) format, for your examination and feedback. Today, ICASI released version 1.
Microsoft security updates and the Common Vulnerability Reporting Framework
12 years 6 months ago
As a part of the Industry Consortium for Advancement of Security on the Internet (ICASI), Microsoft is pleased to present an initial set of monthly security updates – originally released on May 8 – in the consortium’s newly established Common Vulnerability Reporting Framework (CVRF) format, for your examination and feedback. Today, ICASI released version 1.
May 2012 Security Bulletin Webcast, Slide Deck, and Q&A
12 years 6 months ago
Hello,
Today we published the May Security Bulletin Webcast Questions & Answers page, and the May 2012 Security Bulletin Release Webcast slide deck. During the webcast, we fielded 8 questions on various topics, including bulletins released, deployment tools, and update detection tools.
We invite our customers to join us for the next public webcast on Wednesday, June 13 at 11am PDT (UTC -7), when we will go into detail about the June bulletin release and answer questions live on the air.
May 2012 Security Bulletin Webcast, Slide Deck, and Q&A
12 years 6 months ago
Hello,
Today we published the May Security Bulletin Webcast Questions & Answers page, and the May 2012 Security Bulletin Release Webcast slide deck. During the webcast, we fielded 8 questions on various topics, including bulletins released, deployment tools, and update detection tools.
We invite our customers to join us for the next public webcast on Wednesday, June 13 at 11am PDT (UTC -7), when we will go into detail about the June bulletin release and answer questions live on the air.
Bulletin Management Process and the May 2012 Bulletins
12 years 6 months ago
Hello,
Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging decisions that went into MS12-034. This is a particularly interesting case to dive into and will give readers a better appreciation for the bulletin management process here at Microsoft.