WSUSSCN2.CAB Now Available for MS11-100

Due to the urgency of the MS11-100 release on December 29, 2011, the WSUSSCN2.CAB offline catalog file was not available at the time of the MS11-100 release. A revised WSUSSCN2.CAB offline catalog file including MS11-100 has been released and is available to support SMS 2003 ITMU, MBSA (in offline mode) and 3rd party tools that… Read more

December 2011 Out-Of-Band Bulletin Release: Q&A and Webcast

Hello, Today we published the December 2011 Out-of-Band Security Bulletin Webcast Questions & Answers page. We fielded 41 questions on the subject of MS11-100 . There were four questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page. We invite our customers to… Read more

December 2011 Out-Of-Band Security Bulletin Webcast Q&A

Hosts:              Jonathan Ness, Security Development Manager, MSRC                           Pete Voss, Sr. Response Communications Manager, Trustworthy Computing Website:         TechNet/Security Chat Topic:     December 2011 Out-Of-Band Security Bulletin Release Date:               Thursday, December 29, 2011 Q: How are Denial of Service, Tampering, Information Disclosure orSpoofing issues rated?A: The Exploitability Index only attempts to rate vulnerabilities that can be… Read more

Microsoft releases MS11-100 for Security Advisory 2659883

Hello, Today we released Security Update MS11-100 to address the issue described in Security Advisory 2659883. The security update has a severity rating of Critical and resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework. Of note, the new method of… Read more

Advanced Notification for out-of-band release to address Security Advisory 2659883

Hello, Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883. The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST. The bulletin has a severity rating of Critical and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions… Read more

Microsoft releases Security Advisory 2659883, offers workaround for industry-wide issue

Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions of .NET Framework, however we recommend customers use the mitigation and workaround described… Read more

December 2011 Bulletin Release Q&A and Slide Deck

Hello, Today we published the December Security Bulletin Webcast Questions & Answers page. We fielded six questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. For more details on this month’s bulletins, click here to view the slide deck used in the webcast. The webcast itself will be… Read more

December 2011 Security Bulletin Webcast Q&A

Hosts:             Jonathan Ness, Security Development Manager, MSRC                        Jerry Bryant, Group Manager, Trustworthy Computing Communications Website:         TechNet/Security Chat Topic:     December 2011 Security Bulletin Release Date:               Wednesday, December 14, 2011  Q: Some of my users had issues with text being deleted from Word documents. Is this an issue with the Office security bulletin? A: We are not aware… Read more

WSUS Supportability Statement on HTTPS Inspection

Here’s a heads up on another great article I found over on the TechNet Wiki.  This one was written by Microsoft’s own Yuri Diogenes and talks about the supportability (or lack thereof) of HTTPS Inspection of the traffic between Microsoft Update and WSUS: ===== The implementation of HTTPS Inspection to inspect the traffic between Microsoft… Read more

A look back at 2011’s security landscape

Hi everyone – Mike Reavey here. Today, we’re releasing our December set of security updates. As we do every month, we’re providing a heads-up on what’s coming in this month’s release as well as offering links to more information so you can plan your deployment. However, since this is the last set of regular monthly… Read more