Microsoft June 2013 Security Bulletin Detailed; NSA Slides PRISM Data-collection Program

Microsoft publishes June 2013 patch tuesday security update details, New NSA slides reveals how Microsoft, Apple, Google, Yahoo! and other share information to the PRISM data-collection program.

Microsoft would release a total of five security bulletins as part of June 2013 Patch Tuesday, covering vulnerabilities in Windows, Internet Explorer, and Office.

Bulletin 1, which is rated critical, will patch all versions of Internet Explorer on all Windows platforms.

And, the bulletin 2 will patch flaws in server and desktop versions of 32-bit operating systems, "Windows 7, 8, Vista, XP as well as Server 2003 and 2008 are affected. Systems that are not affected include Windows Server 2008 R2, 2012 and Windows RT."

Bulletin 3 deals with denial-of-service vulnerability, in server operating systems, including Windows 2008, R2 and 2012.

In addition, this security release is also projected to bring improvements for Surface tablets.

Microsoft has also published a statement on customer privacy following the slides and reporting from the Washington Post and The Guardian, which suggests how various major internet companies react to leaked claims they provide the NSA with direct access to their servers.

The leaked NSA slides explain the PRISM data-collection program for Microsoft, Yahoo, Facebook and Apple. Google's response so far has been "no backdoor" is provided.

Update 06/08: Google's Chief Legal Officer, David Drummond, issued a statement:

"We cannot say this more clearly--the government does not have access to Google servers--not directly, or via a back door, or a so-called drop box."

Adding, "Nor have we received blanket orders of the kind being discussed in the media. It is quite wrong to insinuate otherwise. We provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don't follow the correct process. And we have taken the lead in being as transparent as possible about government requests for user information," he said.

These slides, annotated by The Washington Post, represent a selection from the overall document, and certain portions are redacted.

"Through a top-secret program authorized by federal judges working under the Foreign Intelligence Surveillance Act (FISA), the U.S. intelligence community can gain access to the servers of nine Internet companies for a wide range of digital data," the WP article claims.

Documents describing the previously undisclosed program, obtained by The Washington Post, "show the breadth of U.S. electronic surveillance capabilities in the wake of a widely publicized controversy over warrantless wiretapping of U.S. domestic telephone communications in 2005," adds the article.

"We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it," Microsoft responded in a press statement.

NSA PRISM data-collection providers

NSA PRISM Data-collection participating providers