Skip to main content

Month Archives: May 2006

Incorrect reports of a new Windows 2000 SMB vulnerability

Thursday, May 25, 2006

Hey everyone. Stephen Toulouse here. There has been a bit of a flurry of activity here in Redmond this morning when we noticed a couple of people releasing information about an SMB vulnerability in Windows 2000. We just want to let everyone know that we’ve investigated this claim and found the vulnerability being discussed is fixed by MS05-011, a security update released almost 16 months ago.

Advisory posted on the recent Word vulnerability.

Tuesday, May 23, 2006

Hi everyone, Stephen Toulouse here again. Just wanted to make you aware that we have reached the point in our investigation of the limited attacks trying to use the Word vulnerability that provided us with enough information to develop some stronger workarounds and mitigations. We’ve posted all that into a new security advisory:

A quick check-in on the Word vulnerability

Saturday, May 20, 2006

Hi everyone, Stephen Toulouse here again. I wanted to catch you up on where we’re at with our investigation of the Word vulnerability. First off on the vulnerability itself: I want to reiterate we’re hard at work on an update. The attack vector here is Word documents attached to an email or otherwise delivered to a user’s computer.

Reports of a new vulnerability in Microsoft Word

Friday, May 19, 2006

Hi everyone, Stephen Toulouse here. We’ve been made aware of a new vulnerability in Microsoft Word XP and Word 2003. Customers using the Word viewer to view documents are not impacted. Yesterday we recieved a report that a customer had been subjected to a very targeted attack using this vulnerability.

New Article: Ten Principles of Microsoft Patch Management

Tuesday, May 16, 2006

Hello, This is Christopher Budd. I wanted to take a moment and let folks know that this month’s IT Pro Security newsletter has an article that I hope will be helpful for those of you who manage security updates. It’s called Ten Principles of Microsoft Patch Management and in it I try o outline not so much the “how” of patch management but rather more of the “why” behind what we do.

May 2006 Bulletin Release

Tuesday, May 09, 2006

Say heh? I have to be honest. I’ve been in the MSRC now for a while, seen a lot of “interesting” things happen around here and it is a bit of a trip to look at our list of bulletins we shipped today and see the words Flash, Adobe, and Macromedia in the titles.

May 2006 Advance Notification

Thursday, May 04, 2006

Good afternoon, This is Christopher Budd. I wanted to take a moment and let you know that we’ve posted our regular Monthly Advanced Notification for the upcoming bulletin release. As a reminder, this month, our regularly scheduled monthly bulletin release is slated for Tuesday, 9 May 2006 with a target time of 10 AM Pacific Time.