Skip to main content

Month Archives: June 2006

Information on a publicly disclosed Windows vulnerability.

Wednesday, June 28, 2006

Adrian here again. Just wanted to post real quickly to let you know we’re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we’re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we’re investigating.

Information about Updated MS06-025

Tuesday, June 27, 2006

Hey everyone, this is Adrian Stone here and up until recently I was the newest member of the MSRC. I wanted to use my first post to let everyone know that we have updated MS06-025 complete with updated binaries for the affected platforms. As many of you may know, there were some issues identified after the initial release affecting some users who required the use of legacy dial-up connections that use a terminal window, or dial-up scripting, or used scripts to change device configuration parameters.

An update on recent public issues

Saturday, June 24, 2006

We’ve had several questions regarding some recent issues that have affected Microsoft Excel over the last week. So, I thought I’d take a minute to review each, what the security impact could be for each issue, and what we’re doing to resolve the issues. We’re currently investigating three issues that have mentioned Microsoft Excel.

Exploit code posted on the recent vulnerability addressed by MS06-025

Friday, June 23, 2006

Hi everyone, Stephen Toulouse here. We’ve see that detailed exploit code has been published on the Internet for the vulnerability addressed by Microsoft security bulletin MS06-025. So per the usual when something like this happens so quickly after release we wanted to highlight that fact, and let you know that we’re not currently aware of any active attacks utilizing this exploit code at this time.


Thursday, June 22, 2006

Hi everyone, Stephen Toulouse here. Just posting a brief note about two quick things regarding the blog. When we originally set it up we used my user account and it’s been our communal account for making posts. Unfortunately every post showed up as from “stepto”. That’s fixed now and posts will show up as being from “msrcteam”.

Information on Proof of Concept posting about hlink.dll

Tuesday, June 20, 2006

Hi everyone Christopher Budd here. I wanted to give you some information about the recent posting of proof of concept PERL script that claims to demonstrate a vulnerability in Excel’s processing of long links. As soon as we received these reports we immediately began an investigation into the posting. I wanted to let you know information we have based on that investigation.

Security Advisory posted on the Microsoft Excel Vulnerability

Monday, June 19, 2006

Hi everyone, Mike Reavey here. Just wanted to let you know we have posted our mitigations and workarounds researched throughout the weekend in the for of a security advisory. It can be found here: -Mike *This posting is provided “AS IS” with no warranties, and confers no rights.*

Checking in on this month's release.

Friday, June 16, 2006

Hi everyone. Stephen Toulouse here. As we do every month, after release the Customer Support Service Group, the MSRC, and the affected product groups all monitor uptake of the updates and keep a sharp eye out for any issues that might be causing problems. There were 12 updates this month and of course we’ve been watching closely for signs of problems.

Update on Microsoft Excel Vulnerability

Friday, June 16, 2006

Hey everyone, Mike Reavey here again. We’re headed into the weekend and I wanted to check in and provide you with some more information about the Excel issue we are investigating. As of right now it’s still just a single customer impacted. But I want to reiterate that all of our various protection tools detect this malware and remove it.

Channel 9 Bluehat video

Thursday, June 15, 2006

You asked for it. You got it. In addition to inviting a number of community members this year we also had channel 9 come to BlueHat and they created a video for your viewing pleasure. The 39 minute video contains interviews with the presenters talking about their presentations, background and research.