Hello – Today we’re releasing Security Advisory 2524375, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used …
Hello all — Today, as part of our usual monthly bulletin cadence, we are providing our Advance Notification Service for March’s security bulletins. This month we’ll release three bulletins, one of them rated Critical and two rated Important, addressing issues in Microsoft Windows and Office. We’ll close four vulnerabilities with those bulletins. The bulletin release …
Advance Notification Service for the March 2011 Security Bulletin Release Read More »
Hello all – Today, as part of our usual monthly bulletin cadence, we are providing our Advance Notification Service for February’s security bulletins. This month, we’ll release 12 bulletins, three of them rated Critical and nine rated Important, addressing issues in Microsoft Windows, Internet Explorer, Office, Visual Studio, and IIS. 22 issues will be addressed. …
Advance Notification Service for the February 2011 Security Bulletin Release Read More »
Hello – Today we released Security Advisory 2490606, which addresses a publicly disclosed vulnerability affecting Microsoft Windows Graphics Rendering Engine on Vista, Server 2003, and Windows XP. We are not aware of any affected customers, nor of any active attacks targeting customers. The vulnerability does not affect Windows 7 or Windows Server 2008 R2, the …
Hi everyone, Today we released Security Advisory 2458511 to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers. The exploit code was discovered on a single …
Hi everyone – We’ve updated Microsoft Security Advisory 2416728 to include a step in the workaround requiring the blocking of requests that specify the application error path on the querystring. This can be done using URLScan, a free tool for Internet Information Services (IIS) that can selectively block requests based on rules defined by the administrator. …
Hi everyone – We’ve just updated Microsoft Security Advisory 2416728 as we’ve begun to see limited attacks with the ASP.NET vulnerability. We have added questions and answers and encourage customers to review this information and evaluate it for their environment. We have also added additional technical questions and answers to the Security and Defense blog, which …
Hi everyone, Today we released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations and workarounds. Our Security Research & Defense team has …
Hi everyone, With this month’s bulletin release, I want to highlight the great work done through our partnerships in the Microsoft Active Protections Program (MAPP). MAPP represents our commitment to community based defense and a shared sense of responsibility to help protect the computing ecosystem. In July of this year, the Stuxnet malware emerged onto …
Overview Today we released Microsoft Security Advisory 2269637. This is different from other Microsoft Security Advisories because it’s not talking about specific vulnerabilities in Microsoft products. Rather, this is our official guidance in response to security research that has outlined a new, remote vector for a well-known class of vulnerabilities, known as DLL preloading or …