Skip to main content
MSRC

2011

Microsoft releases Security Advisory 2641690, updates Untrusted Certificate Store

Thursday, November 10, 2011

Hi everyone, As a follow-up to Friday’s blog post, today we released Security Advisory 2641690 to notify customers that we revoked the trust of DigiCert Sdn.Bhd in an update that moves two Intermediate Certificate Authorities (CA) certificates to the Microsoft Untrusted Certificate Store. We made this decision after Entrust, Inc., a CA in the Microsoft Root Certificate Program, notified us that one of its subordinate CAs issued 22 certificates with weak 512 bit keys, a violation of Microsoft’s Root Certificate Program requirements.

Read More

Assessing the exploitability of MS11-083

Tuesday, November 08, 2011

This month we released MS11-083 to address an externally found reference counter issue in TCP/IP stack. Here we would like to give further information about the exploitability of this vulnerability. Vulnerability The vulnerability presents itself in the specific scenario where an attacker can send a large number of specially crafted UDP packets to a random port that does not have a service listening.

Read More

Microsoft hosts BlueHatv11, releases four bulletins

Tuesday, November 08, 2011

Hello, On this November Update Tuesday, we’re recapping the BlueHat conference, which Microsoft hosted in Redmond last week. We are also releasing four security updates, so please read on for details. Microsoft hosted its 11th installment of the BlueHat conference Nov. 2-4. The event featured presentations from hand-picked security researchers about current and emerging security threats.

Read More

Advance Notification for November 2011

Thursday, November 03, 2011

Hello, As we do each month, we’re providing advance notification on the release of four security bulletins, one Critical, two Important, and one Moderate, to address four CVEs in Windows. As usual, the bulletin release is scheduled for the second Tuesday of the month, Nov. 8, at approximately 10 a.m. PT.

Read More

Beliefs from an Ex-softy

Thursday, November 03, 2011

Jared Pfost here. I’m fired up to present at BlueHat. I really appreciate Noelle reaching out so it was a no brainer when asked to spin up a blog post. One thing that keeps popping up is my status as a former blue badge. Actually I’m a former twice over. One tour pre bubble and one post, or I like to think of it as pre/post the TWC memo.

Read More

BlueHat v11

Thursday, November 03, 2011

Jeremiah Grossman here. BlueHat is one of my favorite conferences of the year, and it’s one of the few I’ve consistently kept coming back to. The organizers put together an amazing event with consistently top-quality content, where the attendees are not only security people, but a legion of software developers who have a genuine interest in security – because their employer (Microsoft) does.

Read More

Microsoft releases Security Advisory 2639658

Thursday, November 03, 2011

Hi everyone, Today we released Security Advisory 2639568 to provide customer guidance for the Windows kernel issue related to the Duqu malware. I would like to provide you information on how to protect your system(s), how we are addressing the issue, and insight into our threat landscape monitoring capabilities. The security advisory provides a workaround that can be applied to any Windows system.

Read More