advisory

Microsoft Releases Security Advisory 2524375

Hello – Today we’re releasing Security Advisory 2524375, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used …

Microsoft Releases Security Advisory 2524375 Read More »

Advance Notification Service for the March 2011 Security Bulletin Release

Hello all — Today, as part of our usual monthly bulletin cadence, we are providing our Advance Notification Service for March’s security bulletins. This month we’ll release three bulletins, one of them rated Critical and two rated Important, addressing issues in Microsoft Windows and Office. We’ll close four vulnerabilities with those bulletins. The bulletin release …

Advance Notification Service for the March 2011 Security Bulletin Release Read More »

Advance Notification Service for the February 2011 Security Bulletin Release

Hello all – Today, as part of our usual monthly bulletin cadence, we are providing our Advance Notification Service for February’s security bulletins. This month, we’ll release 12 bulletins, three of them rated Critical and nine rated Important, addressing issues in Microsoft Windows, Internet Explorer, Office, Visual Studio, and IIS. 22 issues will be addressed. …

Advance Notification Service for the February 2011 Security Bulletin Release Read More »

Microsoft releases Security Advisory 2490606

Hello – Today we released Security Advisory 2490606, which addresses a publicly disclosed vulnerability affecting Microsoft Windows Graphics Rendering Engine on Vista, Server 2003, and Windows XP. We are not aware of any affected customers, nor of any active attacks targeting customers. The vulnerability does not affect Windows 7 or Windows Server 2008 R2, the …

Microsoft releases Security Advisory 2490606 Read More »

Security Advisory 2416728 – Workaround Update

Hi everyone – We’ve updated Microsoft Security Advisory 2416728 to include a step in the workaround requiring the blocking of requests that specify the application error path on the querystring.  This can be done using URLScan, a free tool for Internet Information Services (IIS) that can selectively block requests based on rules defined by the administrator. …

Security Advisory 2416728 – Workaround Update Read More »

Update to Security Advisory 2416728

Hi everyone – We’ve just updated Microsoft Security Advisory 2416728 as we’ve begun to see limited attacks with the ASP.NET vulnerability.  We have added questions and answers and encourage customers to review this information and evaluate it for their environment.  We have also added additional technical questions and answers to the Security and Defense blog, which …

Update to Security Advisory 2416728 Read More »

Security Advisory 2416728 Released

Hi everyone, Today we released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations and workarounds. Our Security Research & Defense team has …

Security Advisory 2416728 Released Read More »

September 2010 Security Bulletin Release

Hi everyone, With this month’s bulletin release, I want to highlight the great work done through our partnerships in the Microsoft Active Protections Program (MAPP). MAPP represents our commitment to community based defense and a shared sense of responsibility to help protect the computing ecosystem. In July of this year, the Stuxnet malware emerged onto …

September 2010 Security Bulletin Release Read More »

Microsoft Security Advisory 2269637 Released

Overview Today we released Microsoft Security Advisory 2269637. This is different from other Microsoft Security Advisories because it’s not talking about specific vulnerabilities in Microsoft products. Rather, this is our official guidance in response to security research that has outlined a new, remote vector for a well-known class of vulnerabilities, known as DLL preloading or …

Microsoft Security Advisory 2269637 Released Read More »