December, 2011

  • Microsoft releases MS11-100 for Security Advisory 2659883

    Hello, Today we released Security Update MS11-100 to address the issue described in Security Advisory 2659883 . The security update has a severity rating of Critical and resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework. Of note, the new method of hash collision attacks used to exploit this vulnerability is an industry-wide issue affecting various Web platforms, including ASP.NET. While...
  • A look back at 2011’s security landscape

    Hi everyone – Mike Reavey here. Today, we’re releasing our December set of security updates. As we do every month, we're providing a heads-up on what’s coming in this month’s release as well as offering links to more information so you can plan your deployment. However, since this is the last set of regular monthly security updates this year, I thought I’d take a minute to look back at some of the discoveries the MSRC made in the process of issuing the year’s bulletins...
  • Microsoft releases Security Advisory 2659883, offers workaround for industry-wide issue

    Hello, Today we published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. We are not aware of any attacks using this vulnerability, which affects all supported versions of .NET Framework, however we recommend customers use the mitigation and workaround described in the Advisory to help protect sites against this new method to exploit hash tables. Our teams are working...
  • The December bulletins are released

    Hello. As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing 13 security bulletins, three of which are rated Critical in severity, and 10 Important. These bulletins will increase protection by addressing 19 unique vulnerabilities in Microsoft products. Customers should plan to install all of these updates as soon as possible. For those who must prioritize deployment, we recommend focusing first on these critical updates: MS11-092 –...
  • Advanced Notification for out-of-band release to address Security Advisory 2659883

    Hello, Today we’re providing advance notification for an out-of-band security update to address the publicly disclosed issue described in Security Advisory 2659883 . The release is scheduled for tomorrow, December 29, at approximately 10 a.m. PST. The bulletin has a severity rating of Critical and addresses a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. While we’re currently unaware of any attacks targeting ASP.NET, we encourage all...
  • December 2011 Out-Of-Band Bulletin Release: Q&A and Webcast

    Hello, Today we published the December 2011 Out-of-Band Security Bulletin Webcast Questions & Answers page . We fielded 41 questions on the subject of MS11-100 . There were four questions during the webcast that we were unable to answer and we have included those questions and answers on the Q&A page. We invite our customers to join us for the next public webcast scheduled for Wednesday, January 11, 2012 at 11 a.m. PST (UTC -8), when we will go into detail about the January 2012 bulletin...
  • News from MAPP, and Advance Notification Service for the December 2011 Bulletin Release

    Hello all. Before we look at next week’s bulletin release, we’d like to point out an update to our Microsoft Active Protections Program (MAPP) that should provide customers with greater transparency as to how MAPP partners use the information we share with them when we release security advisories. As you know, we work closely with our MAPP partners to share information on issues as they arise, thus extending protections to the greatest possible number of computers on the Internet....
  • December 2011 Security Bulletin Webcast Q&A

    Hosts: Jonathan Ness, Security Development Manager, MSRC Jerry Bryant, Group Manager, Trustworthy Computing Communications Website: TechNet/Security Chat Topic: December 2011 Security Bulletin Release Date: Wednesday, December 14, 2011 Q: Some of my users had issues with text being deleted from Word documents. Is this an issue with the Office security bulletin ? A: We are not aware of any issues ofwords being removed from the document. If this continues, please contact support at 1-866...
  • December 2011 Bulletin Release Q&A and Slide Deck

    Hello, Today we published the December Security Bulletin Webcast Questions & Answers page . We fielded six questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. For more details on this month’s bulletins, click here to view the slide deck used in the webcast. See below to view the webcast. We invite our customers to join us for the next public webcast on Wednesday, January 11, 2012 at 11am PST (UTC -8), when...