Verifying update hashes

Some of you may have noticed us improving our defense-in-depth practices for bulletins by supplying sha1 and sha2 hashes in the Knowledge Base (KB) articles. This has been most visible in the KB with the addition of the “File hash information” section, but it is also noted in the Frequently Asked Questions (FAQ) section of…


August 2012 Bulletin Release

Security Advisory 2661254 – Update For Minimum Certificate Key Length

Before we get into the details of this month’s bulletin release, let’s take a look at an important change on how Windows deals with certificates that have RSA keys of less than 1024 bits in length. We’ve been talking about this subject since June, and today…


December 2010 Advance Notification Service is released

Hi everyone. Mike Reavey from the MSRC here. Today we’re releasing our Advance Notification Service for the December 2010 security bulletin release. As we do every month, we’ve given information about the coming December release and provided links to detailed information so you can plan your deployment by product, service pack level, and severity.  However,…


Guidance on Internet Explorer XSS Filter

The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002). This attack scenario involved modified HTTP responses, enabling XSS on sites that would not otherwise be vulnerable. An additional update to the IE XSS Filter is currently scheduled for…


Out-of-Band Security Bulletin Webcast Q&A - March 30, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead; Jerry Bryant, Group Manager, Response Communications
Website: TechNet/security
Chat Topic: March 2010 Out-of-Band Security Bulletin
Date: Tuesday, March 30, 2010

Q: CVE-2010-0483, like CVE-2010-0806, is a remote code executable vulnerability with an exploit code that has been published and publicly available since March 1, 2010….


Out-of-Band Security Bulletin Webcast Q&A - January 21, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead; Jerry Bryant, Senior Security Communications Manager Lead
Website: TechNet/security
Chat Topic: January 2010 Out-of-Band Security Bulletin
Date: Thursday, January 21, 2010

Q: I understand the severity for workstations. Is the severity lower for servers in terms of this vulnerability, since most servers (except Terminal Servers)…


Security Advisory 979352 Released

Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks.  Today, Microsoft issued guidance to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer.  Additionally, we are cooperating with Google and other companies, as…


December 2009 Security Bulletin Release

Summary of Microsoft’s Security Bulletin Release for December 2009

As noted in our Advance Notification (ANS) last Thursday, for the December bulletin release we issued six security bulletins addressing 12 vulnerabilities. Affected products include Windows, Internet Explorer (IE) and Microsoft Office products. In the ANS, we also noted that the bulletin for IE (MS09-072) is…


August 2009 Bulletin Release

Summary of Microsoft’s Security Bulletin Release for August 2009

Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note…
