MSRC
  • July 2014 Security Bulletin Webcast and Q&A

    Today we published the July 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered eight questions on air, with the majority focusing on the update for Internet Explorer. The transcript also includes a question we did not have time to answer on the air.

    Here is the video replay:

    We invite you to join us for the next scheduled webcast on Wednesday, August 13, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the August bulletin release and answer your bulletin deployment questions live on the air. There’s no longer a need to register before this event to attend. You can find details on how to view the webcast and get a calendar reminder here.

    I look forward to seeing you next month.

    Thanks,
    Dustin Childs
    Group Manager, Response Communications
    Microsoft Trustworthy Computing



  • Security Advisory 2982792 released, Certificate Trust List updated

    Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties.

    With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server 2003, please see the Security Advisory 2982792 for recommended actions. Additionally, the Enhanced Mitigation Experience Toolkit (EMET) 4.1, and newer versions, help to mitigate man-in-the-middle attacks by detecting untrusted or improperly issued SSL certificates through the Certificate Trust feature.

    For more information, please see Microsoft Security Advisory 2982792.

    Thank you,
    Dustin Childs
    Group Manager, Response Communications



  • July 2014 Security Bulletin Release

    Many around the globe have been following the 2014 FIFA World Cup Brazil™ closely. Regardless of which country you are supporting, many folks have been impressed by the defensive display put on by keeper Tim Howard in a loss against Belgium. It was a great performance highlighting a strong defense – always a good thing to have, be it on the pitch or on your system.

    This month’s release includes six new security bulletins, addressing 29 Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows and Internet Explorer. Two of these security bulletins are rated Critical, three are rated Important, and one is rated Moderate in severity. As always, we encourage you to apply all of the updates, but for those who prioritize, we recommend the Windows Journal and Internet Explorer (IE) updates be on the top of your list.

    If you are looking for additional resources to help you prioritize, take a look at our recently released myBulletins security bulletins customization free online service. myBulletins enables you to quickly find security bulletins using advanced search and filtering options. The service also provides a dynamic list in a customizable dashboard that can be edited at any time, as well as downloaded to a Microsoft Excel report. Give it a try, and let us know what you think by using the site feedback link.

    Here’s an overview of all of the updates released today:

    *Bulletins in each deployment priority are listed in numerical order by bulletin number

    The security bulletin for Windows Journal addresses one privately reported CVE that could allow an attacker to execute code on your system if you open a malicious Windows Journal file. It’s worth noting that Windows Server versions do not have Windows Journal installed by default. That’s by design. You are always at less risk when you have fewer applications installed, so server systems ship with many optional components disabled. If you haven’t reviewed the applications installed on your server recently, now is a good time to do so. Reducing the attack surface will have a positive impact on the overall security of the server.

    The ongoing diligent work from our Internet Explorer team continues this month, with the security bulletin for Internet Explorer addressing a total of 24 CVEs. The most critical of these could allow remote code execution if a user views a webpage specially crafted by a cybercriminal. Similar to last month, we have not seen any active attacks attempting to exploit any of the CVEs addressed by this security bulletin – or any of the other issues we addressed this month. Addressing these items before there is any customer impact from attacks remains our goal with security bulletins.

    To ensure you have our latest protections while browsing the Internet, you should really upgrade to the latest version of Internet Explorer. For Windows 7 and Windows 8.1, that means Internet Explorer 11 – the most modern, secure browser we have built. Internet Explorer 11 has advanced security features like Enhanced Protection Mode (EPM) and SmartScreen Filter, support for modern web standards, and Enterprise Mode for rendering legacy web apps. Internet Explorer 11 is much more secure than our older versions, which is why we encourage customers to upgrade.

    We also have three advisories to address today. The first is a revision to the Update to Improve Credentials Protection and Management. This new package changes the default behavior for Restricted Admin mode on Windows 8.1 and Windows Server 2012 R2. This advisory deals with different strategies for combating credential theft, which is a hot topic today. Patrick Jungles (lead author) and team have a new whitepaper discussing ways to defend against pass-the-hash style attacks, and there is a new web resource that covers various techniques and tactics to help prevent different types of credential theft attacks. Implementing these tactics before they are needed is another way to positively impact the overall security posture in an enterprise.

    The Update for Disabling RC4 in .NET TLS has been revised as well. This update was revised to announce a Microsoft Update Catalog detection change for the updates requiring installation of the 2868725 prerequisite update. If you have already successfully installed this update, then you don’t need to take any further action.

    Finally, we are revising Security Advisory 2755801 with the latest update for Adobe Flash Player in Internet Explorer. The update addresses the vulnerabilities described in Adobe Security bulletin APSB14-17. For more information about this update, including download links, see Microsoft Knowledge Base Article 2974008.

    For more information about this month’s security updates, including the detailed view of the Exploit Index broken down by CVE, visit the Microsoft Bulletin Summary Web page. Watch the bulletin overview video below for a brief summary of today's releases.

    Jonathan Ness and I will host the monthly security bulletin webcast, scheduled for Wednesday, July 9, 2014, at 11 a.m. PDT. There’s no longer a need to register before this event to attend. You can find details on how to view the webcast and get a calendar reminder here. I invite you to tune in to learn more about this month’s security bulletins.

    I look forward to hearing any questions about this month’s release during our webcast tomorrow.

    For all the latest information, you can also follow us at @MSFTSecResponse.

    Thanks,
    Dustin Childs
    Group Manager, Response Communications
    Microsoft Trustworthy Computing



  • Advance Notification Service for the July 2014 Security Bulletin Release

    Today, we provide advance notification for the release of six Security Bulletins. Two of these are rated Critical, three are rated as Important, and one is rated Moderate in severity. These Updates are for Microsoft Windows and Internet Explorer.

    This month we will also premiere the new format for our Security Bulletin Webcast, scheduled on Wednesday, July 9, at 11 a.m. PDT. Registration, downloading the Live Meeting client, and dialing in to a separate number will no longer be required. You can find details on how to view the webcast here.

    As per our usual process, we’ve scheduled the Security Bulletin release for the second Tuesday of the month, July 8, 2014, at approximately 10:00 a.m. PDT. Revisit this blog then for analysis of the relative impact, as well as deployment guidance, together with a brief video overview of the month’s Updates. Until then, please review the ANS summary page for more information to help you prepare for Security Bulletin testing and deployment.

    Don’t forget, you can also follow us on Twitter at @MSFTSecResponse.

    Thank you,
    Dustin Childs
    Group Manager, Response Communications
    Microsoft Trustworthy Computing



  • Driving a Collectively Stronger Security Community with Microsoft Interflow

    Today, Microsoft is pleased to announce the private preview of Microsoft Interflow, a security and threat information exchange platform for analysts and researchers working in cybersecurity. Interflow uses industry specifications to create an automated, machine-readable feed of threat and security information that can be shared across industries and groups in near real-time. The goal of the platform is to help security professionals respond more quickly to threats. It will also help reduce cost of defense by automating processes that are currently performed manually.

    Microsoft’s ongoing active collaboration with the cybersecurity community has been a constant source of ideas and innovation for more than a decade. The Microsoft Active Protections Program (MAPP) was established in 2008 to provide security software providers with early access to software vulnerability information. Along the same lines, the inspiration for Interflow comes from the community. Today, data exchange difficulties – format mismatches, governance issues, and the complexity of data correlation – stand in the way of a more efficient incident response industry. Zheng Bu, VP of Security Research at FireEye, stated “what the cybersecurity community will benefit from is a more productive way to collaborate and take action. It is encouraging to see Microsoft invest in such a platform, and drive it forward for the greater good of the community.”

    A collectively stronger cybersecurity ecosystem means better protection for consumers and businesses. There are many examples of alliances across industries, such as those established in the education and finance sectors. Recently, a similar cybersecurity alliance was formed in the retail industry. As retailers and others share threat indicators and take action rapidly, cyberattacks are either prevented, or their damage and spread are minimized. Interflow enables exactly this type of community and peer-based sharing, whether the communities are formed by the Computer Emergency Response Teams (CERTs) across the globe or by industry.

    One may ask what exactly it means to share security and threat information using Interflow. The answer is simple: Interflow is a distributed system where users decide what communities to form, what data feeds to bring to their communities, and with whom to share data feeds. In addition, the use of open specifications STIX™ (Structured Threat Information eXpression), TAXII™ (Trusted Automated eXchange of Indicator Information), and CybOX™ (Cyber Observable eXpression standards) means that Interflow can integrate with existing operational and analytical tools through a plug-in architecture. This means there is no lock-in to proprietary data formats, appliances or subscriptions, all of which raise the cost of cybersecurity.

    For many operating in the response community, reducing and managing the cost of defense in the face of exponentially increasing threat data is crucial. Running on Microsoft Azure public cloud, Interflow helps to reduce the cost of security infrastructure while allowing for rapid scale-out, a key premise of cloud computing. As Interflow automates the input and flow of security and threat data, organizations are able to prioritize analysis and action through customized watch lists, instead of bearing the cost of manual data compilation.

    As early users of Interflow, various network security teams at Microsoft have experienced these kinds of benefits. Microsoft is planning to share the security and threat data used to protect our own products and services with the Interflow communities during the private preview. Organizations and enterprises with dedicated security incident response teams can inquire about the private preview through their Technical Account Managers or by emailing mappbeta@microsoft.com. Microsoft plans to make Interflow available to all members of MAPP in the future.

    I said in the beginning that the cybersecurity community was the inspiration for Interflow. We look forward to working with the community to shape the roadmap forward. Today’s announcement is timed with the 26th annual FIRST Conference in Boston, Massachusetts. Attendees at the conference can stop by the Microsoft booth #8, observe a demo and discuss participation in the private preview of Interflow.

    Finally, you can find answers to most commonly asked questions here, and learn how Interflow enables a collectively stronger cybersecurity community at www.microsoft.com/interflow.

    Thanks,

    Jerry Bryant
    Lead Senior Security Strategist, Microsoft Security Response Center (MSRC)



  • Microsoft releases Security Advisory 2974294

    Today, we released Security Advisory 2974294 to inform global customers about an update for the Microsoft Malware Protection Engine. This update addresses a privately disclosed issue and fixes a vulnerability that could allow a denial of service if the Microsoft Malware Protection Engine scans a specially crafted file.

    Updates for the Microsoft Malware Protection Engine are sent through security advisories as there is typically no action required to install the update. This is due to the fact that the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. There’s no action for you to take here – the engine will do it for you. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

    We appreciate the researcher reporting this to us privately via Coordinated Vulnerability Disclosure (CVD) and for allowing us to release the update before there was any impact to our global customers.

    Thank you,
    Dustin Childs
    Group Manager, Response Communications
    Trustworthy Computing



  • June 2014 Security Bulletin Webcast and Q&A

    Today we published the June 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered six questions on air, with the majority focusing on the updates for TCP and Internet Explorer. The transcript also includes a question we did not have time to answer on the air.

    Here is the video replay:

    We invite you to join us for the next scheduled webcast on Wednesday, July 9, 2014, at 11 a.m. PDT (UTC -7), when we will go into detail about the July bulletin release and answer your bulletin deployment questions live on the air. Details about registering for this event are forthcoming.

    I look forward to seeing you next month.

    Thanks,
    Dustin Childs
    Group Manager, Response Communications
    Microsoft Trustworthy Computing



