Hello -- As per our usual cadence, today we’re releasing our advance notification for this month’s security bulletin release, which is scheduled for Tuesday, July 10. The July release includes nine bulletins addressing 16 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Visual Basic for Applications. We will release all nine bulletins on Tuesday at approximately 10 a.m. PDT. Check back here on Tuesday for our official risk and impact analysis, along with...

Before we dive into the July security updates, let’s change up the normal order and take a look at the two Security Advisories we are releasing today. One takes an exciting step into the future, while the other prepares us to take an equally important step away from the past. Security Advisory 2719662 Today we’re releasing Security Advisory 2719662 , which allows system administrators to disable the Windows Sidebar and Gadgets on supported versions of Windows Vista and Windows 7...

Today we published the July Security Bulletin Webcast Questions & Answers page , and the July 2012 Security Bulletin Release Webcast slide deck . We fielded 15 questions on various topics during the webcast, including bulletins and advisory details, deployment questions, and plans for later updates. We also received a question that we weren’t able to tackle in the allotted time; we’ve answered that one in the Q&A as well. Our webcast from Wednesday is now available for on-demand...

Hello, To mark the start of the 10-day countdown to the BlueHat Prize award ceremony, the MSRC Ecosystem Strategy Team is announcing the BlueHat Prize Question Sweepstakes that will give you a chance to win $5,000 at Black Hat this year! Be sure to check out the official announcement here and the official rules here to see how your input could help us shape a future BlueHat Prize contest. Feel free to start the brainstorming and discussion of security defense questions on Twitter with hashtag...

Hello – Today we published Security Advisory 2737111, which provides mitigations and workarounds that will help protect customers from a known vulnerability in one of Oracle’s Outside In libraries, which were updated earlier this month. Microsoft licenses the libraries from Oracle and uses them in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint. We are not aware of active exploits using this issue, but we do recommend customers...

One year ago this week we challenged the security community to take an unconventional focus on defensive innovation. We called that challenge the BlueHat Prize , and tomorrow night, we will award the grand prize of $200,000 to one of the finalists, either Jared DeMott, Ivan Fratric, or Vasilis Pappas. All three finalists submitted prototype mitigations that help prevent exploits that use Return Oriented Programming (ROP) techniques. But that’s tomorrow night. Today, I’m excited to...

In a little less than 24 hours, we will award $200,000 to Jared DeMott, Ivan Fratric, or Vasilis Pappas as we name the inaugural winner of the BlueHat Prize – and we’ll award more than $50,000 for the two runners-up. As excitement builds towards that announcement, I was fortunate enough to sit down with each finalist and get to know them a little bit better. Each of these researchers coincidentally took on the problem of mitigating ROP exploits, but each had different reasons for participating...

Minutes ago in Las Vegas at the Microsoft Researcher Appreciation Party, we completed the journey we set out on together at the 2011 Black Hat briefings. There, we asked the security research community to focus its talent and expertise on defense, to design and prototype novel runtime mitigation technologies to prevent the successful exploitation of memory safety vulnerabilities. This was a paradigm shift for many – moving from addressing single vulnerabilities to focusing on ways to mitigate...