June, 2013

  • Announcing the Microsoft Bounty Programs

    Over the years, we've put a lot of work into helping secure the computing ecosystem and limiting the number of issues in our products. The security researcher community is critical to these efforts, as they help us find vulnerabilities in our software that we may have missed. Now we're taking it even further. We're launching three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities...
  • Improved cryptography infrastructure and the June 2013 bulletins

    It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year - and I’ve dealt with some interesting issues during my tenure - but our goal of providing the best customer protections possible remains a constant. For example, in June 2012, we introduced a new feature to automatically update the Certificate Trust List (CTL), allowing us to...
  • Advanced Notification Service for the June 2013 Security Bulletin Release

    Today we’re providing Advance Notification of five bulletins for release on Tuesday, June 11, 2013. This release brings one Critical- and four Important-class bulletins. The Critical-rated bulletin addresses issues in Internet Explorer, and the Important-rated bulletins address issues in Microsoft Windows and Office. We will publish the bulletins on the second Tuesday of the month, at approximately 10 a.m. PT. Please revisit this blog at that time for our official risk and impact analysis...
  • June 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the June 2013 Security Bulletin Webcast Questions & Answers page . We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler ( MS13-050 ), Microsoft Office ( MS13-051 ), and the security advisory addressing digital certificates ( SA2854544 ). There was one question we were unable to field on the air which we answered on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday...