Archive

Archive for the ‘Security Update Webcast’ Category

MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

November 15th, 2013 No comments

Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest.

We’ve discussed the Microsoft Baseline Security Analyzer (MBSA) tool in this and many other webcasts, and I’m happy to report version 2.3 is now available. This new version adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. However, Windows 2000 systems will no longer be supported by MBSA. If you aren’t familiar with the tool or would just like to know more about it, we encourage you to read the FAQ found on the Security TechCenter. Thanks also go out to everyone who participated in the public preview leading up to this release.

We invite you to join us for the next scheduled webcast on Wednesday, December 11, 2013, at 11 a.m. PST (UTC -8), when we will go into detail about the December bulletin release and answer your bulletin deployment questions live on the air.

You can register to attend the webcast at the link below:

Date: Wednesday, December 11, 2013
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

 

 

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

November 15th, 2013 No comments

Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest.

We’ve discussed the Microsoft Baseline Security Analyzer (MBSA) tool in this and many other webcasts, and I’m happy to report version 2.3 is now available. This new version adds support for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. However, Windows 2000 systems will no longer be supported by MBSA. If you aren’t familiar with the tool or would just like to know more about it, we encourage you to read the FAQ found on the Security TechCenter. Thanks also go out to everyone who participated in the public preview leading up to this release.

We invite you to join us for the next scheduled webcast on Wednesday, December 11, 2013, at 11 a.m. PST (UTC -8), when we will go into detail about the December bulletin release and answer your bulletin deployment questions live on the air.

You can register to attend the webcast at the link below:

Date: Wednesday, December 11, 2013
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

 

 

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

September 2013 Security Bulletin Webcast, Q&A, and Slide Deck

September 13th, 2013 No comments

Today we’re publishing the September 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on Office bulletins, especially SharePoint Server (MS13-067). We received multiple Office related questions that were very similar in nature, so the questions have been merged, as applicable, with consolidated answers provided. We were able to answer six questions on air, and those we did not have time for have been included on the Q&A page.  

We invite our customers to join us for the next public webcast on Wednesday, October 9, 2013, at 11 a.m. PDT (UTC -7), when we will go into detail about the October bulletin release and answer questions live on the air.

Customers can register to attend the webcast at the link below:

Date: Wednesday, October 11, 2013
Time: 11:00 a.m. PDT (UTC -7)
Register:
Attendee Registration

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

September 2013 Security Bulletin Webcast, Q&A, and Slide Deck

September 13th, 2013 No comments

Today we’re publishing the September 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on Office bulletins, especially SharePoint Server (MS13-067). We received multiple Office related questions that were very similar in nature, so the questions have been merged, as applicable, with consolidated answers provided. We were able to answer six questions on air, and those we did not have time for have been included on the Q&A page.  

We invite our customers to join us for the next public webcast on Wednesday, October 9, 2013, at 11 a.m. PDT (UTC -7), when we will go into detail about the October bulletin release and answer questions live on the air.

Customers can register to attend the webcast at the link below:

Date: Wednesday, October 11, 2013
Time: 11:00 a.m. PDT (UTC -7)
Register:
Attendee Registration

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

August 2013 Security Bulletin Webcast, Q&A, and Slide Deck

August 19th, 2013 No comments

Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server (MS13-061) and Windows Kernel (MS13-063).  There were 3 additional questions during the webcast that we were unable to answer on air, and we have also answered those on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, September 11, 2013, at 11 a.m. PDT (UTC -8), when we will go into detail about the September bulletin release and answer questions live on the air.

Customers can register to attend the webcast at the link below:

Date: Wednesday, September 11, 2013
Time: 11:00 a.m. PDT (UTC -7)
Register:
Attendee Registration

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

 

 

August 2013 Security Bulletin Webcast, Q&A, and Slide Deck

August 19th, 2013 No comments

Today we’re publishing the August 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Exchange Server (MS13-061) and Windows Kernel (MS13-063).  There were 3 additional questions during the webcast that we were unable to answer on air, and we have also answered those on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, September 11, 2013, at 11 a.m. PDT (UTC -8), when we will go into detail about the September bulletin release and answer questions live on the air.

Customers can register to attend the webcast at the link below:

Date: Wednesday, September 11, 2013
Time: 11:00 a.m. PDT (UTC -7)
Register:
Attendee Registration

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

 

 

July 2013 Security Bulletin Webcast, Q&A, and Slide Deck

July 12th, 2013 No comments

Today we’re publishing the July 2013 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 10 questions covering all updates. All questions are included on the Q&A page.

 We invite our customers to join us for the next scheduled webcast on Wednesday, August 14th at 11 a.m. PT (UTC -8), when we will go into detail about the August 2013 bulletin release and answer questions live on the air.

 Customers can register to attend at the link below:

Date: Wednesday, July 14, 2013
Time: 11:00 a.m. PT (UTC -8)
Register:
Attendee Registration

 

 

Thanks,

Dustin Childs
Group Manager, Trustworthy Computing

May 2013 Security Bulletin Webcast, Q&A, and Slide Deck

May 17th, 2013 No comments

For those who couldn’t attend the live webcast, today we’re publishing the May 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer (MS13-037 and MS13-038) and Visio (MS13-044). 

We invite our customers to join us for the next public webcast on Wednesday, June 12, 2013, at 11 a.m. PDT (UTC -7), when we will go into detail about the June bulletin release and answer questions live on the air.

Customers can register to attend the webcast at the link below:

Date: Wednesday, June 12, 2013
Time: 11:00 a.m. PDT (UTC -7)
Register:
Attendee Registration

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

April 2013 Security Bulletin Webcast, Q&A, and Slide Deck

April 16th, 2013 No comments

Today we’re publishing the April 2013 Security Bulletin Webcast Questions & Answers page.  We fielded nine questions during the webcast, with almost half of those focused on the Remote Desktop Client bulletin (MS13-024).  One question that was not answered on air has been included on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, May 15, 2013, at 11 a.m. PDT (UTC -7), when we will go into detail about the May bulletin release and answer questions live on the air.

Customers can register to attend the webcast at the link below:

Date: Wednesday, May 15, 2013
Time: 11:00 a.m. PDT (UTC -7)
Register:
Attendee Registration

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

March 2013 Security Bulletin Webcast, Q&A, and Slide Deck

March 15th, 2013 No comments

Today we’re publishing the March 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer (MS13-021), SharePoint (MS13-024) and the update for Kernel-Mode Drivers in MS13-027.  There were six additional questions during the webcast that we were unable to answer on air, and we have also answered those on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, April 10, 2013, at 11 a.m. PDT (UTC -7), when we will go into detail about the April bulletin release and answer questions live on the air.

Customers can register to attend the webcast at the link below:

Date: Wednesday, April 10, 2013
Time: 11:00 a.m. PDT (UTC -7)
Register:
Attendee Registration

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Baseball, Bulletins and the February 2013 Release

February 12th, 2013 No comments

Before we discuss this month’s release, I wanted to briefly touch on the big event happening this week. No, I’m not talking about the romantically-themed holiday on Thursday. I’m talking about the start of spring training and the return of baseball. There are a few things I am very passionate about and those who know me, know how much I love baseball. From playing, to coaching, to watching, it’s how I spend most of my free time. Of course, those who know me also know I am passionate about defense, both on the field and off. As a catcher and with Trustworthy Computing, protection is just another part of the job.

When it comes to protections for computers, I usually point to our security updates (mentioned below), but I also like to bring up additional tools that people can use to protect their systems.  The Enhanced Mitigation Experience Toolkit (EMET) is a free tool that offers great protection, but many people I talk to haven’t heard of it or don’t use it.  If you are not familiar with EMET, it provides security mitigation technologies to make it more difficult for an attacker to exploit vulnerabilities in existing software – even those issues that are unknown. EMET does this by stopping known exploit techniques and allowing applications to opt-in to existing mitigations that already exist on your system, like Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).

We’ve been recommending EMET for a while, and it’s great to see others endorse it as well. While quite a few folks have installed EMET on their home systems, the tool can be a bit daunting to configure at first glance. To help out, we’ve provided some easy installation and configuration tips for home users.

Now, on to today’s bulletins.

We’re releasing 12 bulletins, five Critical-class and seven Important-class, addressing 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework. For those who need to prioritize deployment, we recommend focusing on MS13-009, MS13-010 and MS13-020 first:

MS13-009 (Microsoft Internet Explorer)

This security update resolves thirteen issues in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current owner. The issues were privately disclosed and we have not detected any attacks or customer impact.

MS13-010 (Vector Markup Language)

This security update resolves an issue in the Microsoft implementation of Vector Markup Language (VML). The vulnerability could allow remote code execution if a user viewed a specially crafted webpage using Internet Explorer.  This issue was privately reported and we have not detected any attacks or customer impact.

MS13-020 (Microsoft Windows)

This security update resolves an issue in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user opens a specially crafted file. An attacker who successfully exploited the vulnerability could gain the same rights as the current owner.  This issue was privately reported and we have not detected any attacks or customer impact.

Please watch the bulletin overview video below for a quick summary of today’s releases.

As always, we recommend that our customers deploy all security updates as soon as possible. Our deployment priority guidance is below to further assist in deployment planning (click for larger view).

Our risk and impact graph shows an aggregate view of this month’s severity and exploitability index (click for larger view).

For more information about this month’s security updates, visit the Microsoft Security Bulletin summary webpage.

Jonathan Ness and I will host the monthly technical webcast, scheduled for Wednesday, February 13, 2013, at 11 a.m. PST. I invite you to register hereand tune in to learn more about the February security bulletins and advisories.

For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.

I hope your team has a great spring, and I look forward to hearing your questions during the webcast.

Thank you,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

January 2013 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

January 15th, 2013 No comments

Today we’re publishing the January 2013 Out-of-Band Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 17 questions focusing on Security Update MS13-088, and SecurityAdvisory 2794220 which was deprecated by this update release. All questions and answers are included in the transcript.

 

We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February bulletin release and answer questions live on the air.

 

Customers can register to attend at the link below:

Date: Wednesday, February 13, 2013
Time: 11:00 a.m. PST (UTC -8)
Register:
Attendee Registration

 

 

Thanks,

Dustin Childs
Group Manager, Trustworthy Computing

MS13-008 Released for Security Advisory 2794220

January 14th, 2013 No comments

Today, we released MS13-008 to address the issue described in Security Advisory 2794220. We’ve seen only a limited number of attacks through an issue in Internet Explorer 6-8, but the potential exists that more customers could be affected. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we strongly encourage you to apply this update as quickly as possible. As always, we recommend upgrading to Internet Explorer 9-10, as they are not impacted by this issue.

As we discussed in the ANS blog post, if you previously applied the Fix it offered through the advisory, you do not need to uninstall it before applying the security update released today. However, the Fix it is no longer needed after the security update is installed, so we are recommending that you uninstall it after you have applied the update to your system.

Please watch the video below for an overview of this security update, and you can find more information on the Microsoft Security Bulletin summary webpage.

We also invite you to join Jonathan Ness and myself for a live webcast at 1 p.m. PST today, where we’ll provide a detailed review of the bulletin and answer your questions in real-time. You can register here. I look forward to chatting with you then.

Thanks,

Dustin Childs
Group Manager
Trustworthy Computing

 

January 2013 Security Bulletin Webcast, Q&A, and Slide Deck

January 12th, 2013 No comments

Today we’re publishing the January2013 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded 12 questions focusing primarily on the Print Spooler (MS12-001) and .NET Framework (MS13-004) updates. All questions are included on the Q&A page.

 

We invite our customers to join us for the next scheduled webcast on Wednesday, February 13th at 11 a.m. PST (UTC-8), when we will go into detail about the February bulletin release and answer questions live on the air.

 

Customers can register to
attend at the link below:

Date: Wednesday, February 13, 2013
Time: 11:00 a.m. PST (UTC -8)
Register:
Attendee Registration

 

>

 

Thanks,

Dustin Childs
Group Manager, Trustworthy Computing

December 2012 Security Bulletin Webcast, Q&A, and Slide Deck

December 17th, 2012 No comments

Hello,

Today we’re publishing the December 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded five questions focusing primarily on Microsoft Word and the Office compatibility pack in MS12-079. All questions are included on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, January 9th at 11 a.m. PST (UTC -8), when we will go into detail about the January bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, January 9, 2013
Time: 11:00 a.m. PST (UTC -8)
Register:
Attendee Registration

Thanks,

Dustin Childs
Group Manager, Trustworthy Computing

 

September 2012 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

September 24th, 2012 No comments

Hello.

Today we’re publishing the September 2012 Security Bulletin Out-of-Band Webcast Questions & Answers page. During the webcast, we fielded 19 questions. Those were focused on MS12-063, the out-of-band cumulative release for Internet Explorer, and Security Advisory 2755801, which involves an issue with the Adobe Flash Player implementation for Internet Explorer 10. All questions are included on the Q&A page.

Thanks,

Yunsun Wee
Director, Trustworthy Computing

August 2012 Security Bulletin Webcast, Q&A, and Slide Deck

August 18th, 2012 No comments

Hello.

Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls,  MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing trust certificates with RSA keys less than 1024 bit key lengths. Three additional questions were answered after the webcast. All questions are included on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, September 12th at 11 a.m. PDT (-7 UTC), when we will go into detail about the September bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, September 12, 2012

Time: 11:00 a.m. PDT (UTC -7)

Register: AttendeeRegistration

Thanks,

Yunsun Wee

Director, Trustworthy Computing.

Q&A from the October 2011 Security Bulletin Webcast

October 15th, 2011 No comments

Hello,

Today we published the October Security Bulletin Webcast Questions & Answers page. We fielded eight questions across all bulletins. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, November 9th at 11am PDT (UTC -7), when we will go into detail about the November bulletin release and answer questions live on the air.

Customers can register to attend at the link below:
Date: Wednesday, November 9th, 2011
Time: 11:00 a.m. PST (UTC -7)
Register: Attendee Registration

 

Thanks,
Jerry Bryant
Group Manager, Response Communications
Microsoft Trustworthy Computing

 

Q&A from May 2011 Security Bulletin Webcast

May 12th, 2011 No comments

Hello,

Today we published the May Security Bulletin Webcast Questions & Answers page. We fielded twelve questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool.  There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.

We invite our customers to join us for the next public webcast on Wednesday, June 15th at 11am PDT (-8 UTC), when we will go into detail about the June bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, June 15, 2011
Time: 11:00 a.m. PDT (UTC -8)

Register:
Attendee Registration

 



 

Thanks –

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Q&A from April 2011 Security Bulletin Webcast

April 14th, 2011 Comments off

Hello,

Today we published the April Security Bulletin Webcast Questions & Answers page. We fielded 14 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.

I also want to provide some clarity regarding our announcement that SMS 2003 with SUIT is retiring this month. SMS 2.0 and the SUIT add-on that can be installed on either SMS 2.0 or SMS 2003 are going out of support this month. SMS 2003 is not scheduled to go out of support until 2015. Customers who currently use SMS 2003 with SUIT should plan to use SCCM 2007 or SMS 2003 with ITMU starting next month. 

We invite our customers to join us for the next public webcast on Wednesday, May 11th at 11am PDT (-8 UTC), when we will go into detail about the April bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, March 9, 2011
Time: 11:00 a.m. PST (UTC -8)

Register:
Attendee Registration

 ”

 

Thanks –

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group