Today we're announcing plans to release a security update to address the vulnerability discussed in on Monday, August 2, 2010 at or around 10 AM PDT.  We are releasing the bulletin as we've completed the required testing and the update has achieved the appropriate quality bar for broad distribution to customers. Additionally, we're able to confirm t.. more »

Today, Microsoft announced plans to release of an out-of-band update to address CVE-2010-2568 (described in Microsoft Knowledge Base Article (2286198) ). As mentioned earlier this month, the Microsoft Malware Protection Center (MMPC), along with other Microsoft Active Protection Program partners, have been keeping a close watch on the use of .LNK .. more »

It was two years ago at Black Hat that my colleague Katie Moussouris of the Microsoft Vulnerability Research (MSVR) program. Shortly thereafter I assumed ownership of the fledgling program to start making our goals a reality. The primary goal as it was defined sounded simple enough: Protect the larger ecosystem by reporting vulnerabilities in a .. more »

The U.S. Senate commerce committee held a hearing this week on “consumer online privacy,” but it consisted mostly of talking with little to no consensus on what action should be taken (if any) to regulate Internet data collection. The bottom line: don’t expect any actual legislation to be passed anytime soon. more..... more »

If your organization uses the Chrome browser, be sure to update to the newest version. It fixes three high-risk security vulnerabilities that could expose users to malicious attacks. The update is available for Windows, Linux, Mac and Chrome Frame operating systems. Technical details are being withheld, but you can read more about it here: .. more »

Hi everyone, Bryan here. If you’re at Black Hat this week, I’ll be giving a talk Thursday afternoon on the topic of – the ability for applications to change which cryptographic algorithms or implementations they use without having to make changes to the source code. Cryptographically agile applications can more easily comply with various countr.. more »

released a tool on this blog called EMET that provides users with the ability to deploy security mitigation technologies to arbitrary applications. Doing so helps to prevent vulnerabilities in those applications (especially line of business and 3 What is new with version 2? EMET sparked customer interest and based on the feedback that we received, w.. more »

Two years ago, in front of a standing-room only crowd here at Black Hat, we introduced three new information sharing programs as well as the concept of Community-Based Defense. The underlying concept shared by all three programs was simple-collaboration will be key to preventing and defending against online crime going forward; no one company, .. more »

"Adun Toridas!" Starcraft fans would recognize that as a famous line from the first Starcraft version, which was released in 1998. Starcraft is a real-time strategy game that became a massive hit worldwide. The release date for its sequel, Starcraft II: Wings of Liberty, is today, the 27th of July. Players can install the game but can only a.. more »

The shortcut (.LNK) file vulnerability that we reported on earlier this month – which affects Windows XP, Vista and Windows 7 – has not yet been patched by Microsoft. Security Advisory 2286198 advised of workarounds but many people are not happy with those. There are now exploits out there “in the wild” that take advantage of this vulnerab.. more »

Hi everyone, this is Grant Bugher. I’ll be giving a talk Thursday afternoon at BlackHat 2010 about securely using cloud storage systems like Windows Azure Storage – how applications that use cloud storage as their database back-end can protect themselves from attacks. Just as with traditional methods of data storage and retrieval like SQL-based rela.. more »

Hi, Adam Shostack here.   I just wanted to let you know that I’ll be speaking at Black Hat about “Elevation of Privilege: The Easy Way to Threat Model.” Threat modeling is critical to secure development, and people find it intimidating and tough to get started. I will present Elevation of Privilege, a simple card game that makes it easy and fun .. more »

Steve Lipner here. Next Tuesday evening (July 27), will be sponsoring a brainstorming panel at Black Hat that’s aimed at gathering security community input on vision and approaches for improving software assurance over the next 10 years. SAFECode members all have established software assurance programs, but we all believe it’s important to seek new .. more »

Hi everyone. Today we're releasing our for the July security bulletin release, which is scheduled for Tuesday, July 13. This month's release includes four bulletins addressing five vulnerabilities. and one is rated Important. As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and .. more »

, addressing the vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. We are not aware of any active attacks at this time. Customers running Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not vulnerable to this issue or at risk of attack. We recommend that customers .. more »

We have announced the general availability of MAP 5.0 during worldwide partner conference (WPC). We are excited to see strong response and following to MAP 5.0. In this blog, we would like to explore "SQL Server Consolidation report", one of the new features...(read more).. more »

Jeremy Dallman here to let you know we published a couple of new interesting Microsoft SDL stories last week in an effort to continue demonstrating in a tangible and easy-to-read way how Microsoft teams implement the SDL.   We hear about more companies investigating how they can integrate the Microsoft SDL into their software development process i.. more »

Three have a maximum severity rating of Critical and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Likely first 30 days impact Platform mitigations and key notes Victim browses to a malicious webpage. Proof-of-concept has been .. more »

Severity Rating: Important - Revision Note: V1.1 (July 13, 2010): Added an entry in the Update FAQ to announce a detection change to the update for Windows 7 for 32-bit Systems. This is a detection change only. There were no changes to the security update files in this bulletin. Customers who have already installed the update successfully do not .. more »

for the June security bulletin release, scheduled for release next Tuesday, June 8. This month’s release includes ten bulletins addressing 34 vulnerabilities. Six of the bulletins affect Windows; of those, two carry a Critical and four are rated Important. Two bulletins, both with a severity rating of Important, affect Microsoft Office. One bu.. more »