September, 2011

  • More on Microsoft’s response to the DigiNotar compromise

    This blog post was updated Sept. 5, 2011 below. Microsoft’s investigation into the scope and impact of the DigiNotar compromise has continued over the holiday weekend. We’ve now confirmed that spoofed certificates for *.microsoft.com and *.windowsupdate.com are among those issued by the Dutch firm. Users of Vista and later operating systems have been protected since we released Security Advisory 2607712 on August 29. In addition, customers using Windows Update on any platform are...
  • Microsoft releases Security Advisory 2588513

    Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a whole rather than any specific platform. Our Advisory addresses the issue via the Windows operating system. We are not aware of a way to exploit this issue in other protocols or components, and we have...
  • Microsoft updates Security Advisory 2607712

    Today we’re updating Security Advisory 2607712, to announce that based on our investigation, we’ve deemed all DigiNotar certificates to be untrustworthy and have moved them to the Untrusted Certificate Store. Additionally, we have extended our support with this update so all customers using Windows XP, Windows Server 2003, and all Windows supported third-party applications are protected. Today’s update, deployed via Automatic Update, applies to all supported releases of Microsoft...
  • More on DigiNotar Certificates, and September Bulletins

    In an effort to protect customers, last week we released Security Advisory 2607712 along with a non-security update to add fraudulent DigiNotar certificates to the Windows Untrusted Certificate Store. Today, we are releasing another update (2616676), adding six additional DigiNotar root certificates that are cross-signed by Entrust and GTE, to the Untrusted Certificate Store. Update 2616676 supersedes 2607712 and contains the full list of certificates which are: DigiNotar Root CA DigiNotar...
  • Advanced Notification for the September 2011 Bulletin Release

    Hello everyone, As we do each month, we're providing advanced notification on the release of five Important security bulletins, addressing 15 vulnerabilities, to help protect customers using Microsoft Windows and Office. As usual, the bulletin release is scheduled for the second Tuesday of the month, September 13, at approximately 10 a.m. PDT. Additionally, I wanted to let you know that in order to facilitate localization, Microsoft has enhanced its URL pattern for all security bulletins. Now...
  • Cumulative non-security update protects from fraudulent certificates

    Today, Microsoft re-released the KB2616676 non-security update for customers using Microsoft Windows XP and Windows Server 2003, which addresses an issue described in the “known issues” section of KB2616676. Customers who have enabled automatic updates are already protected and no further action is required, and others are recommended to download the cumulative version of KB2616676 to protect themselves from the fraudulent certificates listed in Security Advisory 2607712. Thanks...
  • Q&A from the September 2011 Security Bulletin Webcast

    Hello, Today we published the September Security Bulletin Webcast Questions & Answers page. We fielded 15 questions primarily regarding the DigiNotar Certificate compromise and the associated Security Advisory. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, October 12th at 11 a.m. PDT (-8 UTC)...