Friday, September 27, 2013
Software Defense is a broad topic requiring a multipronged approach including: - the processes and tooling associated with secure development (that we try and encapsulate within the Microsoft SDL), - core OS countermeasures that make exploitation of a given vulnerability more difficult for an attacker, - steps to secure the hardware on which the software runs,
Tuesday, September 17, 2013
Today, we released a Fix it workaround tool to address a new IE vulnerability that had been actively exploited in extremely limited, targeted attacks. This Fix it makes a minor modification to mshtml.dll when it is loaded in memory to address the vulnerability. This Fix it workaround tool is linked fromSecurity Advisory 2887505 that describes this issue.
Tuesday, September 17, 2013
<2013/10/09 追記> 本セキュリティ アドバイザリで説明している脆弱性に対処するため、セキュリティ情報 MS13-080 を発行
Tuesday, September 17, 2013
Today we released Security Advisory 2887505 regarding an issue that affects Internet Explorer. There are only reports of a limited number of targeted attacks specifically directed at Internet Explorer 8 and 9, although the issue could potentially affect all supported versions. This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type.
Friday, September 13, 2013
Today we’re publishing the September 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on Office bulletins, especially SharePoint Server (MS13-067). We received multiple Office related questions that were very similar in nature, so the questions have been merged, as applicable, with consolidated answers provided. We were able to answer six questions on air, and those we did not have time for have been included on the Q&A page.
Wednesday, September 11, 2013
2013 年 9 月 11 日にリリースしましたセキュリティ情報 MS13-072 Microsoft Office の脆弱性により、リモートでコードが実行される (2845537), MS13-073
Tuesday, September 10, 2013
2013 年 9 月 11 日 (日本時間)、マイクロソフトは計 13 件 (緊急 4 件、重要 9 件) の新規セキュリティ情報を公開し
Tuesday, September 10, 2013
本記事は、Security Research & Defense のブログ “ Assessing risk for the September 2013 security updates ” (2013 年 9 月 11 日公開) を翻訳した記事です。 本
Tuesday, September 10, 2013
皆さん、こんにちは! 先ほど 9 月のマイクロソフト ワンポイント セキュリティ情報を公開しました。 本日 9 月 11
Tuesday, September 10, 2013
Today we released thirteen security bulletins addressing 47 CVE’s. Four bulletins have a maximum severity rating of Critical while the other ten have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin Severity Max Exploit-ability Likely first 30 days impact Platform mitigations and key notes MS13-069(Internet Explorer) Victim browses to a malicious webpage.
