December, 2012

  • Advance Notification Service for December 2012 Security Bulletin Release

    While it may be the most wonderful time of the year, we know it can also be the busiest time of the year. With that in mind, we’re providing advance notification that next Tuesday, Dec. 11, 2012, we’ll release seven security bulletins; five Critical and two Important, which address 11 vulnerabilities. The Critical bulletins address vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer. The two Important-rated bulletins will address issues in Microsoft Windows...
  • It’s That Time of Year, For the December 2012 Bulletin Release

    Happy holidays! I hope everyone is enjoying the festive season. I like to get my holiday shopping done early, and this year was no exception. In the middle of my holiday shopping last week, as I passed my cash from one store to the next, I was reminded of “Pass-the-Hash.” (My mind does tend to wander a bit as I shop.) For those not familiar, Pass-the-Hash (PtH) is a technique in which an attacker captures account logon credentials on one computer and then uses those captured credentials...
  • December 2012 Security Bulletin Webcast, Q&A, and Slide Deck

    Hello, Today we’re publishing the December 2012 Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded five questions focusing primarily on Microsoft Word and the Office compatibility pack in MS12-079 . All questions are included on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, January 9th at 11 a.m. PST (UTC -8), when we will go into detail about the January bulletin release and answer questions live on...
  • Microsoft Releases Security Advisory 2794220

    Today, we released Security Advisory 2794220 regarding an issue that impacts Internet Explorer 6, 7, and 8. We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect...
  • Fix it for Security Advisory 2794220 now available

    We have updated Security Advisory 2749920 to include the Fix it we discussed in Saturday’s blog post . This easy, one-click Fix it is available to everyone and prevents the vulnerability from being used for code execution without affecting your ability to browse the Web. Additionally, applying the Fix it does not require a reboot. While we have still observed only a few attempts to exploit this issue, we encourage all customers to apply this Fix it to help protect their systems. We continue...