Hello all. It has been very nearly a week since our BlueHat Prize contest announcement at Black Hat. Now that everyone’s had some time to digest the basics, we’ve asked Senior Security Strategist and chief BlueHat Prize architect Katie Moussouris to stop by the Trustworthy Computing studio today at 11 a.m. PDT to answer a few more questions about the contest.  She’ll discuss how it works and what she expects will happen next, and she’ll answer some common questions such as who owns the intellectual property. We’ll be taking your questions, too! Register for the webcast at this link.

As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing 13 security bulletins, two of which are rated Critical in severity, nine Important and two Moderate.

These bulletins will increase protection by addressing 22 unique vulnerabilities in Microsoft products. Customers should plan to install all of these updates as soon as possible. For those who must prioritize deployment, we recommend focusing first on the two critical updates:

  • MS11-057 (Internet Explorer). This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Microsoft is not aware of any attacks leveraging the vulnerabilities addressed in this bulletin.
  • MS11-058 (DNS Server). This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted Naming Authority Pointer (NAPTR) query to a DNS server. Servers that do not have the DNS role enabled are not at risk.

In this video, Jerry Bryant discusses this month's bulletins in further detail, focusing on these two bulletins:

As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning (click for larger view).

Our risk and impact graph shows an aggregate view of this month's severity and exploitability index (click for larger view).

You can find more information about this month's security updates on the Microsoft Security Bulletin Summary web page. In addition, the SRD blog today has more information on MS11-058’s Exploitability Index rating and on the month’s deployment priorities.

Per our usual process, we’ll offer the monthly technical webcast on Wednesday, hosted by Jerry Bryant and Jonathan Ness. I invite you to tune in and learn more about the June security bulletins, as well as other announcements made today. The webcast is scheduled for Wednesday, August 10, 2011 at 11 a.m. PDT, and you can register here.

For all the latest information, please also follow the MSRC team on Twitter at @MSFTSecResponse.

Thank you,

Angela Gunn
Trustworthy Computing.