December, 2013

  • Predictions for 2014 and the December 2013 Security Bulletin Webcast, Q&A, and Slide Deck

    Today we’re publishing the December 2013 Security Bulletin Webcast Questions & Answers page . We answered 17 questions in total, with the majority of questions focusing on the Graphics Component bulletin ( MS13-096 ), Security Advisory 2915720 and Security Advisory 2905247 . We also wanted to note a new blog on the Microsoft Security Blog site on the top cyber threat predications for 2014. Topics from ransomware to regulation are covered by seven of Trustworthy Computing’s top...
  • Omphaloskepsis and the December 2013 Security Update Release

    There are times when we get too close to a topic. We familiarize ourselves with every aspect and nuance, but fail to recognize not everyone else has done the same. Whether you consider this myopia, navel-gazing, or human nature, the effect is the same. I recognized this during the recent webcast when someone asked the question – “What’s the difference between a security advisory and a security bulletin?” The answer was simple to me, as I’ve been doing this for years...
  • Security Advisory 2916652 released, Certificate Trust List updated

    Microsoft is updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of a mis-issued third-party digital certificate, which could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties. With this action, customers will be automatically be protected against this issue. Additionally, the Enhanced Mitigation Experience Toolkit (EMET) 4.0 and newer versions help mitigate man-in-the-middle attacks by detecting...
  • Advance Notification Service for December 2013 Security Bulletin Release

    Today we’re providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666 . This release won’t include an update for the issue described in Security Advisory 2914486 . We’re still working to develop a security...