Archive

Archive for the ‘Microsoft Dynamics’ Category

Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A

January 17th, 2014 No comments

Today we’re publishing the January 2014 Security Bulletin Webcast Questions & Answers page.  We answered 16 questions in total, with the majority of questions focusing on the Dynamics AX bulletin (MS14-004), the update for Microsoft Word (MS14-001) and the re-release of the Windows 7 and Windows Server 2008 R2 updates provided through MS13-081.

We also wanted to point out a new blog from the Microsoft Malware Protection Center (MMPC) detailing support antimalware support for Windows XP beyond April 8, 2014. Although there will be no new security updates for Windows XP after this date, Microsoft will continue to  provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015.

We invite you to join us for the next scheduled webcast on Wednesday, February 12, 2014, at 11 a.m. PST (UTC -8), when we will go into detail about the February bulletin release and answer your bulletin deployment questions live on the air.

You can register to attend the webcast at the link below:

Date: Wednesday, February 12, 2014
Time: 11:00 a.m. PST (UTC -8)
Register:
Attendee Registration

I look forward to seeing you next month.

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

A Look Into the Future and the January 2014 Bulletin Release

January 14th, 2014 No comments

In January, there are those who like to make predictions about the upcoming year. I am not one of those people. Instead, I like to quote Niels Bohr who said, “Prediction is very difficult, especially if it’s about the future.” However, I can say without a doubt that change is afoot in 2014.

In February, usage of the MD5 hash algorithm in certificates will be restricted, as first discussed in Security Advisory 2862973, and the update goes out through Microsoft Update on the 11th. This will impact applications and services using certificates with the MD5 hashing algorithm and will apply only to certificates utilized for server authentication, code signing and time stamping. The restriction is limited to certificates issued under roots in the Microsoft root certificate program.

Support for Windows XP comes to an end in April. There has already been much written about this auspicious event, so I won’t rehash it all here. Of course, we realize that just because support is ending, it does not mean XP usage will – much to the delight of attackers around the world. I’m not sure if it’s possible to have fond memories of an operating system, but XP will always maintain a warm place in my heart – just not on my laptop.

June brings changes to the Windows Authenticode verification function. This affects developers more than consumers, but it’s an important change. Once implemented, certain programs will be considered "unsigned" if Windows identifies content that does not conform to the Authenticode specification. You can read all about this change in Security Advisory 2915720 and over on the SRD blog.

Some things will remain the same. Sun or snow, we will still be here every second Tuesday of the month to bring you the latest security updates. This month, we’re releasing four security bulletins addressing six unique CVEs in Microsoft Windows, Office, and Dynamics AX.  All updates this month are rated Important. Here’s on overview of this month’s release:

Click to embiggen

 

Our top deployment priority for this month is MS14-002, which addresses a publicly known issue in the Windows Kernel.

MS14-002 | Vulnerability in Windows Kernel Could Allow Elevation of Privilege This bulletin addresses the issue first described in Security Advisory 2918840, which allows an attacker to perform an elevation of privilege if they are able to log on to a system and run a specially crafted application. We are aware of targeted attacks using this vulnerability, where attackers attempts to lure someone into opening a specially crafted PDF to access the system. Even when we first saw this, the PDF portion of the attack did not affect those with a fully updated system.

We’re also re-releasing MS13-081 to provide a re-offering of KB2862330 for Windows 7 and Windows Server 2008 R2. The re-released update addresses an issue in the original offering that caused the KB2862330 update to fail or only partially install on some systems with third-party USB drivers. If you are running an affected system, you will be re-offered the new update and we encourage you to install it at the earliest opportunity.

Finally, we are also revising Security Advisory 2755801 with the latest update for Adobe Flash Player in Internet Explorer. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-02. For more information about this update, including download links, see Microsoft Knowledge Base Article 2916626.

Watch the bulletin overview video below for a brief summary of today's releases.

For more information about this month’s security updates, including the detailed view of the Exploit Index broken down by CVE, visit the Microsoft Bulletin Summary Web page.

William Peteroy and I will host the monthly bulletin webcast, scheduled for Wednesday, January 15, 2013, at 11 a.m. PST. I invite you to register here, and tune in to learn more about this month’s security bulletins and advisories.

For all the latest information, you can also follow us at @MSFTSecResponse.

I look forward to hearing your questions about this month’s release in our webcast tomorrow.

Thanks, Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Former Microsoft executive tapped by White House to run HealthCare.gov site

December 17th, 2013 No comments

Kurt DelBene, a former Microsoft executive, has been named senior advisor to the Secretary of Health and Human Services and will lead and manage HealthCare.gov, the federal government’s health insurance website, in his new role.

DelBene recently retired from Microsoft after two decades of leading large, technical teams at the company, including being president of the Microsoft Business Division, general manager of Microsoft Outlook and group manager of Microsoft Exchange.

“Kurt is a talented and capable executive, with a track record of successfully managing complex large-scale technology projects,” said Bill Gates, Microsoft founder and chairman. “Working with Kurt over many years, I know him to be a passionate advocate for using technology to solve difficult problems at scale.  He brings deep expertise as a manager and engineer to his new responsibilities. I’m certain he’ll make an important positive contribution in his new role with HHS.”

Microsoft Chief Executive Officer Steve Ballmer called DelBene a “phenomenal leader who established Microsoft Office as a world-class service for billions of people. Clearly, Kurt’s technical and business skills will be invaluable in his new endeavor.”

DelBene was president of Microsoft’s Office Division in July 2013, when he announced he would retire from Microsoft at the end of this year. After his announcement, he transitioned into a short-term role as special advisor to Qi Lu, executive vice president of Microsoft’s Applications and Services Group.

DelBene will see the HealthCare.gov project through its next important phase as the content management system team continues build on its initial progress, and he has agreed to serve in this role for at least the first half of next year.

Suzanne Choney
Microsoft News Center Staff