Tuesday, January 19, 2010
We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability. Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6.
Tuesday, January 12, 2010
Summary of Microsoft’s Security Bulletin Release for January 2010 Hi Everyone, We hope that 2010 is off to a good start for you. For our first bulletin release of the New Year, we have one Critical bulletin affecting all versions of Windows. The bulletin, MS10-001, addresses one vulnerability in the Embedded OpenType Font Engine and is Critical on Windows 2000.
Sunday, December 27, 2009
Hi everyone, On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a non-default, unsafe configuration in order to be vulnerable.
Monday, December 14, 2009
Handle: Avatar IRL: Karl Hanmore Rank: Senior Security Strategist (aka Sergeant Grunt) Likes: Getting the job done, bringing the fight to the bad guys, good single malt whiskey Dislikes: Cowards, talkers not doers, red tape, humidity G’day, or should I say howdy, y’all. As the newest member of the Microsoft EcoStrat team, I figured I would do a quick self-introduction before getting down to work.
Monday, November 23, 2009
Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run Hi! It’s been a while since I’ve had a chance to blog about all the things we have been doing here.
Tuesday, November 10, 2009
Summary of Microsoft’s Security Bulletin Release for November 2009 Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). As we do every month, we have prepared our Risk & Impact and our Deployment Priority guidance to help customers assess risk to their environments and prioritize the deployment of this month’s updates.
Tuesday, October 13, 2009
Summary of Microsoft’s Security Bulletin Release for October 2009 This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this the most bulletins Microsoft has ever released”?
Sunday, September 13, 2009
Handle: C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! BlueHat v9 will take place from October 21 to 23 at the Microsoft campus in Redmond. Last year, we experimented with a day dedicated to attacks and a day dedicated to SDL security mitigations.
Tuesday, August 11, 2009
Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note that five of the six critical updates also have an Exploitability Index rating of “1” which means that we could expect there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release.
