Today we’re releasing Security Advisory 2607712 , to address at least one fraudulent digital certificate issued by DigiNotar , a root certificate authority. DigiNotar has since revoked the digital certificate. This is not a Microsoft security vulnerability; however, the certificate potentially affects Internet users attempting to access websites belonging to Google. A fraudulent certificate may be used to spoof Web content, perform phishing attacks or perform man-in-the-middle attacks against...

Hello all. It has been very nearly a week since our BlueHat Prize contest announcement at Black Hat. Now that everyone’s had some time to digest the basics, we’ve asked Senior Security Strategist and chief BlueHat Prize architect Katie Moussouris to stop by the Trustworthy Computing studio today at 11 a.m. PDT to answer a few more questions about the contest. She’ll discuss how it works and what she expects will happen next, and she’ll answer some common questions such as...

Hello all. Before we look at next week’s bulletin release, we’d like to recommend – for those of you who missed it in the run-up to this year’s Black Hat conference – the third annual Microsoft Security Response Center Progress Report . Every year around this time, we look back at the progress our key security programs have made. This year’s report, which recaps (among other things) the expansion of our Microsoft Active Protections Program and the launch of our...

Hi everyone, Black Hat this year was really great. We spent a lot of time talking to people and getting new perspectives on the security landscape and of course, we announced the BlueHat Prize contest. The reaction to the contest was outstanding. In fact, within the first 24 hours, we had already received a few submissions and a bunch of questions indicating a lot of interest in winning the $200,000 grand prize. Based on the questions, it was clear there were a couple of areas where we needed...

Hello, Today we published the August Security Bulletin Webcast Questions & Answers page . We fielded six questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, September 14th at 11 a.m....