Microsoft Security Response Center Blog

Q&A from the November 2010 Security Bulletin Webcast

Thursday, November 11, 2010

Hello, Today we published theNovember 2010 Security Bulletin Webcast Questions & Answers page. You’ll notice it was a fairly brief webcast; all the questions we received concerned installation specifics, which we especially appreciate as a sign that customers are updating their systems quickly. We invite our customers to join us for the next public webcast on Wednesday, December 15 at 11am PST (-8 UTC), when we will go into detail about the December bulletin release and answer questions live on the air.

November 2010 Security Bulletin Release

Tuesday, November 09, 2010

Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing three security bulletins, addressing 11 vulnerabilities. One of the bulletins has a Critical severity rating, while the other two are rated Important. Recapping the trio: MS10-087 This bulletin resolves five issues affecting all currently supported Microsoft Office products.

Advance Notification Service for November 2010 Bulletins

Thursday, November 04, 2010

Hello. We’ve issued our Advance Notification Service for the November ’10 security bulletin release. This time around we’re releasing three updates addressing 11 vulnerabilities in Microsoft Office and Unified Access Gateway (UAG). One bulletin carries a Critical severity rating; the other two are rated Important. When customers buy Microsoft software, it includes high-quality security updates to be provided via predictable monthly bulletin releases, helping to protect their computing experience over time.

• ANS
• Security
• UAG

Hack.lu: Why it’s all about building bridges

Thursday, November 04, 2010

Handle: Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni “We want to remain what we are” (“Mir wëlle bleiwe wat mir sinn”) is the national motto of the Grand Duchy of Luxembourg.

• Community-based Defense
• EcoStrat
• Hallway Tracks
• Mitigations
• MSRC
• MSRC Ecosystem Strategy
• Risk Assessment
• Security Conference Engagement
• Security Ecosystem
• Security Engineering
• Security Research
• Security Tools
• Watering Hole

DEP, EMET protect against attacks on the latest Internet Explorer vulnerability

Wednesday, November 03, 2010

Today we released Security Advisory 2458511notifying customers of limited attacks leveraging an Internet Explorer vulnerability. The beta version of Internet Explorer 9 is not affected while Internet Explorer 6, 7, and 8 are affected. So far the attacks we have seen only target Internet Explorer versions 6 and 7 on Windows XP.

• DEP
• EMET
• Exploitability
• Internet Explorer (IE)
• Mitigations
• Workarounds

Getting Into Information Security Intelligence Gathering: A BlueHat v10 Retrospective from Speakers Ian Iftach Amit and Fyodor Yarochkin

Tuesday, November 02, 2010

Ian: Having a mild case of “professional ADHD” is probably what got me started on this whole “cyber” thing. Having done research, development, integration and consulting in the past, I was starting to get too many unanswered questions in my mind when dealing with customers and individuals who were being compromised left and right.

• Attack
• BlueHat Security Briefings
• Cyberbullying
• Emerging Threat
• Identity/Identity Theft
• Malicious Software (Malware)
• Password Stealers
• Security Research

Microsoft Releases Security Advisory 2458511

Tuesday, November 02, 2010

Hi everyone, Today we released Security Advisory 2458511 to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers. The exploit code was discovered on a single website which is no longer hosting the malicious code.

• Advisory
• Internet Explorer (IE)
• Security
• Security Advisory
• Zero-Day Exploit

Q&A from the October 2010 Security Bulletin Webcast

Monday, October 18, 2010

Hello, Today we published the October 2010 Security Bulleting webcast Questions & Answers page. The October release included 16 security updates, four rated Critical, ten rated Important, and two rated Moderate to address 49 vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Internet Explorer, and Microsoft .NET Framework. We invite our customers to join us for the next public webcast on Wednesday, November 10 @11AM PST when we will go into detail about the November bulletin release and answer questions live on the air.

• Security
• Security Bulletin
• Security Update
• Security Update Webcast Q & A
• Webcast Q&A

Something Old, Something New, True Blue

Friday, October 15, 2010

This year marks the tenth BlueHat at Microsoft, and my sixth round in participating in the event that has been so instrumental in keeping Microsoft developers and executives in touch with the pulse of security research outside Microsoft, and serves as one of the key crossroads for the exchange of ideas from our internal security experts to the outside world.

• BlueHat Security Briefings
• EcoStrat
• Hallway Tracks
• Microsoft Vulnerability Research (MSVR)
• MSRC
• MSRC Ecosystem Strategy
• Security Advisory
• Security Conference Engagement
• Security Ecosystem
• Security Engineering
• Security Research
• Security Tools
• Watering Hole

BlueHat v10 Shipping!

Thursday, October 14, 2010

Handle: Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns I’m here playing MC at the tenth edition (!!!) of the BlueHat Security Briefings on the Microsoft Campus in Redmond.

• BlueHat Security Briefings
• Community-based Defense
• EcoStrat
• End to End Trust
• Hallway Tracks
• MSRC
• MSRC Ecosystem Strategy
• Security Conference Engagement
• Security Ecosystem
• Security Engineering
• Security Research
• Security Tools
• Watering Hole