Skip to main content
MSRC

Month Archives: January 2006

Security Advisory posted: Win32/MyWife.E

Monday, January 30, 2006

Just as a followup to our last post, this evening we have posted a security advisory detailing what you can do to protect yourself from the Win32/MyWife.E worm (hint, don’t open attachments!) as well as additional info on how to get cleaned from it if you have been infected (hint, we recommend using the Windows Live Safety Center Beta at http://safety.

Win32/MyWife.E

Friday, January 27, 2006

Hi everyone, just wanted to quickly point out that the Anti-malware team has posted a short note on the Win32/Mywife.E mass mailer worm. Pretty much all current AV protects against this worm, so running updated anti-virus is an important thing to do. In addition Windows OneCare members are also protected. The worm doesn’t exploit a vulnerability, and requires user interaction.

Trivia: security@microsoft.com and Windows development

Wednesday, January 18, 2006

Why is security@microsoft.com an auto-responder and not a redirect to secure@microsoft.com? Well, security@microsoft.com is the Microsoft internal physical security alias, and has been since we started using email. As I am sure you can imagine, the amount of email we get at that alias that is external is quite a lot.

Looking at the WMF issue, how did it get there?

Friday, January 13, 2006

Hi everyone, Stephen Toulouse here. Now that the monthly release has passed and people are deploying the updates I wanted to take a moment to discuss some things related to questions we’ve been receiving on the recent WMF issue. (Which was addressed in MS06-001). One question we’ve gotten is about SetAbortProc, the function that allows printing jobs to be cancelled.

Security updates available on ISO-9660 image files

Wednesday, January 11, 2006

I wanted to let you know about a new offering that those of you enterprise customers that download multiple security updates in multiple languages might find useful. Starting with the January 2006 release, each month we’re making security and high-priority non-security updates that are available on Windows Update also available on an ISO-9660 CD image.

MU and WSUS Information about Today's Bulletin Release

Tuesday, January 10, 2006

Hey folks – Mike Reavey here stepping in for Craig as he continues to work through some last minute issues on this Tuesday’s release. Today we’ve released two Security Bulletins. The first one, MS06-002 resolves a vulnerability in Font processing in Windows and is rated Critical. The second bulletin, MS06-003 is also rated Critical, and applies to Office and Exchange customers, and resolves an issue in Transport Neutral Encapsulation (TNEF).

Information on new WMF Posting

Monday, January 09, 2006

Lennart Wistrand here. I wanted to write a few lines about the public post made over the weekend about a new specially crafted WMF image that could potentially cause the application using the Windows Graphics Rendering Engine to crash. As it turns out, these crashes are not exploitable but are instead Windows performance issues that could cause some WMF applications to unexpectedly exit.

Mike Nash on the Security Update for the WMF Vulnerability

Thursday, January 05, 2006

Hi there. Mike Nash from Microsoft here. For those of you who don’t know me, I am the Corporate Vice President responsible for security at Microsoft. Given the recent events around the Windows Meta File format vulnerability, an ongoing dialogue I have had with some customers and our recent decision to release an update for Windows out of band to correct this vulnerability, I thought I would take a minute to give you a sense of the thought process behind Microsoft’s decision.

Microsoft Security Advisory on Win32/Sober

Wednesday, January 04, 2006

Hi everyone, Stephen Toulouse here. There is a lot of activity happening within the MSRC this week so I wanted to make sure that, in addition to the guidance we’ve put out around the WMF vulnerability, that we also let you know that we’ve issued a security advisory regarding recent variants of the Win32/Sober worm.

Updated Advisory: WMF Vulnerability

Tuesday, January 03, 2006

Hi folks- Kevin Kean here again. We here in the MSRC have been hard at work on this WMF vulnerability and so I wanted to provide you all with an update on the situation. When the MSRC learned of the attacks on December 27, 2005, we mobilized under what we call the Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope and determine and the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.