Hello - Today we're releasing Security Advisory 2524375, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users. We are unaware of any active attacks.
We have taken steps to further help protect customers by developing a mitigation update. We recommend customers download the update to help protect against inadvertent use of the fraudulent digital certificates. Customers should continue to utilize Internet Explorer's Security Status bar located on the right side of the address bar to verify that the site being visited is valid and secure. The Windows Phone team is developing a mitigation update to help protect customers from the nine fraudulent digital certificates. Microsoft will provide status updates and additional guidance as soon as it becomes available.
The Microsoft mitigation will be made available through the Microsoft Download Center and the Windows Update Service. For customers who use Windows Automatic Updates, the update will occur automatically.
The video below provides additional viewpoints on the mitigation and explains why you should prioritize installation as soon as possible.
If you have not done so already, we highly recommend customers register for our comprehensive alerts. Sign up here: Microsoft Technical Security Notifications
Thanks,
Bruce Cowper, Group Manager, Trustworthy Computing
Edited 3/25/2011 to add further information on Windows Phone
Hello,
Today we published the March Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools.
We invite our customers to join us for the next public webcast on Wednesday, April 13th at 11am PDT (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.
Customers can register to attend at the link below:
Date: Wednesday, April 13, 2011
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration
Thanks -
Jerry Bryant
Group Manager, Response Communications, Trustworthy Computing Group
Hello all --
Today, as part of our monthly security bulletin release, we have three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment:
Our other two bulletins are somewhat similar in nature, both addressing the DLL-preloading issue described in Security Advisory 2269637, and both carrying an Important-level severity rating and an Exploitability Index rating of 1.
We continue to address DLL-preloading issues as they are discovered; however, it's important to note that we have not seen exploitation of these issues in the wild.
In this video, Jerry Bryant discusses this month's bulletins in further detail, focusing on MS11-015:
As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning.
Our risk and impact graph shows an aggregate view of this month's severity and exploitability index.
More information about this month's security updates can be found on the Microsoft Security Bulletin summary web page.
As we often do in the wake of a Service Pack release, we've gotten deployment questions about Windows 7 SP1. To assist customers in that process, our TechNet site has posted an SP1 deployment guide to aid you in testing and deployment. You'll also find release notes and links to handy information -- for example, a spreadsheet that contains a list of all the hotfixes and security updates that are included in the Service Pack -- as well as information on new features and functionality.
We'd also like to update you on Security Advisory 2501696, which describes an MHTML-related vulnerability in Microsoft Windows. Microsoft is actively monitoring the threat landscape in conjunction with our Microsoft Active Protections Program (MAPP) partners. We are currently working to provide a solution through our monthly security update release process and will continue to monitor the issue as we prepare that.
Finally, we mentioned previously that changes are coming to the system we use for publishing our bulletins and security advisories. We still expect those changes to go live in June of this year. The main impact to customers will be a URL change from microsoft.com/technet/security to technet.microsoft.com/security. We are planning to have both the old and new sites available simultaneously for a period of time.
Please join the monthly technical webcast with your hosts, Jerry Bryant and Dustin Childs, to learn more about the March 2011 security bulletins. The webcast is scheduled for Wednesday, March 9, 2011 at 11:00 a.m. PST (UTC -8). Registration is available here.
For all the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.
Angela Gunn, Trustworthy Computing.
Today, as part of our usual monthly bulletin cadence, we are providing our Advance Notification Service for March's security bulletins. This month we'll release three bulletins, one of them rated Critical and two rated Important, addressing issues in Microsoft Windows and Office. We'll close four vulnerabilities with those bulletins.
The bulletin release is once again slated for the second Tuesday of the month -- March 8th at 10:00 a.m. PST. Come back to this blog then for our official risk and impact analysis, as well as deployment guidance and a brief video overview of the month's highlights.
The monthly technical webcast next week will be hosted by Jerry Bryant and Dustin Childs. We invite you to tune in and learn more about the new security bulletin releases as well as other announcements to be made on Tuesday. That webcast is scheduled for Wednesday, March 9, 2011 at 11:00 a.m. PST (UTC -8), and the registration form can be found here.
Thank you,
Angela Gunn, Trustworthy Computing.