Outlook Password Expiration Notification Update in Office 365; Sep Patch Tuesday Addresses Two Unique Vulnerabilities in TFS & SCCM

Microsoft's September Security Update increase protection by addressing two unique vulnerabilities in the following two security bulletins:MS12-061 (Visual Studio Team Foundation Server) This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. This bulletin is rated Important for Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1.MS12-062 (System Center Configuration […]

Microsoft's September Security Update increase protection by addressing two unique vulnerabilities in the following two security bulletins:

  • MS12-061 (Visual Studio Team Foundation Server) This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. This bulletin is rated Important for Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1.
  • MS12-062 (System Center Configuration Manager) This security update resolves a privately reported vulnerability in Microsoft System Center Configuration Manager. The bulletin is rated Important for Microsoft Systems Management Server 2003 Service Pack 3 and Microsoft System Center Configuration Manager 2007 Service Pack 2, posted MSRC.

Below is a Sep 2012 deployment priority guidance:

microsoft september 2012 deployment priority guidance

…and here is Sep 2012 risk and impact graph:

microsoft september 2012 risk and imact graph

Watch the video below discusses both the bulletins in detail:

Also, Outlook team has released updates for Outlook 2010 and 2007 that provide Office 365 users with password expiration notifications.

"The advance password expiry notification will be displayed in a pop-up message (near the system clock) within a certain time period before their password actually expires. That time period is configurable by the tenant admin. For users whose passwords have already expired, Outlook will flash an error message when users try to connect to their mailbox. In both scenarios, Outlook also provides a link (URL) to update passwords via the browser. When users click on those links, they are taken to the Microsoft Online Portal to change/update their passwords," the team explained.

You can download the updates through following links: "2687351 Description of the Outlook 2010 hotfix package (Outlook-x-none.msp): August 28, 2012; and 2687336 Description of the Outlook 2007 hotfix package (Outlook-x-none.msp): August 28, 2012."

Check this Knowledge base article KB2745588 for more info on Outlook password expiration notification in Office 365. Or watch the Outlook User Experience videos below:

The following video provides a quick one minute intro of the Outlook user experience. (Duration: 55 seconds, less than a minute)

The following video walks us through the Outlook user experience when update is installed and the password is about to expire. (Duration: 3 minutes & 23 seconds)

The following video walks us through the Outlook user experience when update is applied and the password has already expired. (Duration: 3 minutes & 37 seconds)

Microsoft Security Response Center (MSRC) recently published their MSRC Progress Report 2012 at Blackhat USA in Las Vegas, Nevada.

The Microsoft Security Response Center (MSRC) Progress Report 2012 provides customers with the latest information from the MSRC on the progress of various security initiatives that share information to foster deeper industry collaboration around software security, increase community-based defenses, and better protect customers from malware.

You can download the report here.

Update 09/15: Posted September Security Bulletin Webcast Questions and answers video: