On behalf of all of us here at Microsoft, I’d like to wish everyone a very happy New Year! With 2013 starting on a Tuesday, our monthly bulletin release is upon us a bit earlier than usual. Next Tuesday we’ll release seven bulletins; two Critical and five Important, which address 12 vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Office, Developer Tools and Microsoft Server Software. The Important-rated bulletins address issues in Microsoft Windows...

Hello, Today we released Security Advisory 2798897 to notify customers that we are aware of active attacks using a fraudulent digital certificate issued by TURKTRUST Inc. To help protect customers, we have updated the Certificate Trust List (CTL) to remove the trust of the certificates causing this issue, and we encourage customers follow the guidance in Security Advisory 2798897. TURKTRUST Inc. incorrectly created two subsidiary Certificate Authorities: (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi...

At the end of each year, some folks take a moment to jot down predictions about what the coming year has in store. I, on the other hand, do not do predictions. I am neither prognosticator, seer, fortune teller, prophet, clairvoyant, soothsayer, nor medium; although I have been accused of being a thaumaturge and security gnome, but only in good ways, of course. Fortunately, Microsoft Trustworthy Computing’s own Tim Rains, director of product Management, has offered predictions about the security...

Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future. The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not...

Today we’re publishing the January2013 Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded 12 questions focusing primarily on the Print Spooler ( MS12-001 ) and .NET Framework ( MS13-004 ) updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February bulletin release and answer questions live...

Today, we released MS13-008 to address the issue described in Security Advisory 2794220 . We’ve seen only a limited number of attacks through an issue in Internet Explorer 6-8, but the potential exists that more customers could be affected. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we strongly encourage you to apply this update as quickly as possible...

Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded 17 questions focusing on Security Update MS13-088 , and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February...