Archive for the ‘video’ Category

March 2013 Security Bulletin Webcast, Q&A, and Slide Deck

March 15th, 2013 No comments

Today we’re publishing the March 2013 Security Bulletin Webcast Questions & Answers page.  We fielded 13 questions on various topics during the webcast, with specific bulletin questions focusing primarily on Internet Explorer (MS13-021), SharePoint (MS13-024) and the update for Kernel-Mode Drivers in MS13-027.  There were six additional questions during the webcast that we were unable to answer on air, and we have also answered those on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, April 10, 2013, at 11 a.m. PDT (UTC -7), when we will go into detail about the April bulletin release and answer questions live on the air.

Customers can register to attend the webcast at the link below:

Date: Wednesday, April 10, 2013
Time: 11:00 a.m. PDT (UTC -7)
Attendee Registration


Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

November 2012 Bulletin Release

November 13th, 2012 No comments

Security Updates
Today we released six security bulletins to help protect our customers – four Critical, one Important, and one Moderate – addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel. For those who need to prioritize deployment, we recommend focusing on these two Critical updates first:

MS12-071 (Internet Explorer): This bulletin addresses three privately disclosed issues, none of which are currently known to be under active attack. Successful exploitation of these issues could result in code execution with the current user’s privileges. As such, we recommend the best practice of running applications with the least privileges possible in order to help mitigate potential risks. These issues do not affect Internet Explorer 10.

MS12-075 (Windows Kernel): This security update addresses three privately reported issues, none of which are currently known to be under active attack. This bulletin affects all supported versions of Microsoft Windows. The most severe issue could result in remote code execution if an attacker is able to lure a user to a website with a maliciously crafted TrueType font file embedded.

Security Update Re-release
In October we released Security Advisory 2749655 that addresses potential compatibility issues due to signature timestamps expiring before they should and noted we would be providing updates as they become available. Today we are providing one such update for MS12-046 (Visual Basic), which is now listed as available in the advisory. We have also released MS12-062 (System Center Configuration Manager 2007) to address an issue in the localization of resource files. Users who have already successfully installed the English versions of this update do not need to take any action.

You can find more information about this month’s security updates on the Microsoft Security Bulletin Summary web page. For an overview of the bulletins please watch the video below.




We recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in deployment planning (click for larger view).


Our risk and impact graph provides an aggregate view of this month’s severity and exploitability index (click for larger view).


Thanks for reading and join us tomorrow (Wednesday, Nov. 14, 2012) at 11 a.m. PST for a live webcast with Jeremy Tinder and myself, as we share greater details about these bulletins. As always, we will answer bulletin-related questions live during the webcast. You may register for that one-hour event here.

Thank you,

Dustin Childs
Group Manager
Microsoft Trustworthy Computing

August 2012 Security Bulletin Webcast, Q&A, and Slide Deck

August 18th, 2012 No comments


Today we’re publishing the August 2012 Security Bulletin Webcast Questions & Answers page. During the webcast, we fielded twelve questions focusing primarily on MS12-060 covering Windows Common Controls,  MS12-052 regarding Internet Explorer, and Security Advisory 2661254 addressing trust certificates with RSA keys less than 1024 bit key lengths. Three additional questions were answered after the webcast. All questions are included on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, September 12th at 11 a.m. PDT (-7 UTC), when we will go into detail about the September bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, September 12, 2012

Time: 11:00 a.m. PDT (UTC -7)

Register: AttendeeRegistration


Yunsun Wee

Director, Trustworthy Computing.

BlueHat Prize Q&A with Katie Moussouris

August 10th, 2011 No comments

Hi everyone,

Black Hat this year was really great. We spent a lot of time talking to people and getting new perspectives on the security landscape and of course, we announced the BlueHat Prize contest. The reaction to the contest was outstanding. In fact, within the first 24 hours, we had already received a few submissions and a bunch of questions indicating a lot of interest in winning the $200,000 grand prize.

Based on the questions, it was clear there were a couple of areas where we needed to provide more clarity. For example, who owns the technology, Microsoft or the inventor? The answer is the inventor. You can find answers to most of your questions in the official rules at but we also held a webcast today to go over some of the common questions. In the video below, Katie Moussouris sat down with me to address questions like “Can I make more than one submission?” and “What if my idea requires a compiler change?”

Get Microsoft Silverlight


The deadline to enter the contest is 12 a.m. PDT April 1, 2012 at which time our internal panel of judges will pick the top three entries. We’ll fly all three to Black Hat USA 2012, where we will announce the grand prize winner. We will provide periodic updates along the way both on this blog and via our Twitter handle, @MSFTSecResponse.


Jerry Bryant

Group Manager, Response Communications

Trustworthy Computing Group

Categories: News, Responsible Disclosure, security, video Tags:

Forefront Protection 2010 for Exchange in-depth overview presentation

August 3rd, 2010 Comments off

I just watched a great in depth video presentation of Forefront Protection 2010 for Exchange (FPE) by Alex Nikolayev that he gave as part of a Forefront Virtual Event. Alex discusses the new features of FPE and gives a tour of the major features, with a special emphasis on the new spam filtering options. Alex also touches on the integrated FPE/FOPE (Forefront Online Protection for Exchange) solution.


Check out the video, but leave plenty of time, because this is a recording of live presentations and runs over an hour.


Michel LaFantano
Technical Writer – BPSG – iX