Windows Server Customer Engineering (Customer Advisory Team)

This month we release eight bulletins – four Critical and four Important - which address 25* unique CVEs in Microsoft Windows, Internet Explorer, SharePoint, .NET Framework, Office, and Silverlight. For those who need to prioritize their deployment planning, we recommend focusing on MS13-080, MS13-081, and MS13-083.

Back in June of this year, we announced three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview. This past Friday, we provided some additional details about the results of the IE11 Preview bounty program, which covered the first 30 days of the preview period. Today, we are announcing James Forshaw, a security researcher with Context Information Security, has been awarded the first Mitigation Bypass Bounty, which comes with a prize of $100,000.00. As a reminder, this is an ongoing program, so if you are interested in participating, check out all the details here.

One of the key issues this blog has covered recently is the transformation of storage.  Microsoft is focused on helping customers control the costs of storage, whether by using industry-standard hardware or simplifying existing hardware infrastructure.  To that end we have made significant investments in the SMB 3.0 protocol for file-based storage.  This helps customers use existing network infrastructure to achieve Fibre Channel-like performance, regardless of the underlying storage subsystem.

Today we’re providing advance notification for the release of eight bulletins, four Critical and four Important, for October 2013. The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update which will address the publicly disclosed issue described in Security Advisory 2887505.  

更新 (10/25/2013)
～～～～～～～～～～～～～
前回公開させて頂きました手順では、「%program files%\Update Services」フォルダを手動削除する手順を含めさせて頂いたおりましたが、このフォルダを削除した場合には、 WSUS サーバーの再構築時にエラーが発生する事が確認されました。
「%program files%\Update Services」 のフォルダ削除を抜いた手順を以下に記載させて頂きましたので、恐れ入りますが、こちらを最新手順としてご利用くださいますようお願いいたします。
～～～～～～～～～～～～～

皆さま こんにちは。 マイクロソフトの香取です。

​Recently Trojan:Win32/Mevade made news for being the first large botnet to use Tor to anonymize and hide its network traffic. Within a few weeks, starting mid-August, the number of directly connecting Tor users increased by almost 600 percent - from about 500,000 users per day to more than 3,000,000.

​If you’re running Java SE 6, we have some news for you: Oracle stopped providing public updates to it after February 2013.

Hallo @all,