We have updated Security Advisory 2749920 to include the Fix it we discussed in Saturday’s blog post . This easy, one-click Fix it is available to everyone and prevents the vulnerability from being used for code execution without affecting your ability to browse the Web. Additionally, applying the Fix it does not require a reboot. While we have still observed only a few attempts to exploit this issue, we encourage all customers to apply this Fix it to help protect their systems. We continue...

On behalf of all of us here at Microsoft, I’d like to wish everyone a very happy New Year! With 2013 starting on a Tuesday, our monthly bulletin release is upon us a bit earlier than usual. Next Tuesday we’ll release seven bulletins; two Critical and five Important, which address 12 vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Office, Developer Tools and Microsoft Server Software. The Important-rated bulletins address issues in Microsoft Windows...

Hello, Today we released Security Advisory 2798897 to notify customers that we are aware of active attacks using a fraudulent digital certificate issued by TURKTRUST Inc. To help protect customers, we have updated the Certificate Trust List (CTL) to remove the trust of the certificates causing this issue, and we encourage customers follow the guidance in Security Advisory 2798897. TURKTRUST Inc. incorrectly created two subsidiary Certificate Authorities: (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi...

At the end of each year, some folks take a moment to jot down predictions about what the coming year has in store. I, on the other hand, do not do predictions. I am neither prognosticator, seer, fortune teller, prophet, clairvoyant, soothsayer, nor medium; although I have been accused of being a thaumaturge and security gnome, but only in good ways, of course. Fortunately, Microsoft Trustworthy Computing’s own Tim Rains, director of product Management, has offered predictions about the security...

Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future. The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not...

Today we’re publishing the January2013 Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded 12 questions focusing primarily on the Print Spooler ( MS12-001 ) and .NET Framework ( MS13-004 ) updates. All questions are included on the Q&A page. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February bulletin release and answer questions live...

Today, we released MS13-008 to address the issue described in Security Advisory 2794220 . We’ve seen only a limited number of attacks through an issue in Internet Explorer 6-8, but the potential exists that more customers could be affected. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we strongly encourage you to apply this update as quickly as possible...

Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page . During the webcast, we fielded 17 questions focusing on Security Update MS13-088 , and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript. We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February...

We’re kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. Per our typical...

Today we revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10 on Windows 8, this revision was released in conjunction with Adobe’s update process. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft...