2006/07 | Microsoft Security Response Center

Information About Public Postings Related to MS06-035

Friday, July 28, 2006

Hey everyone, this is Adrian Stone from the MSRC and I wanted to take a moment to clarify some recent reports about a vulnerability that was not addressed in this month’s MS06-035security update. As soon as we heard about the posting, we initiated our Software Security Incident Response Processto investigate. We now have a good understanding of the issue and we are conducting a thorough investigation into this area of code to make sure we can deliver a security update that is complete and meets our quality bar.

An update on MS06-034 issues

Tuesday, July 18, 2006

What’s that? A post from Craig Gehre, and it’s not release day? Yes, it is me again. As most of you know, we monitor the post release environment very carefully to make sure that all the deployment tools are working as intended and people are able to get the updates. I wanted to note that last night we fixed a couple of issues from last week’s release that we had been tracking.

Advisory posted on the PowerPoint Vulnerability

Monday, July 17, 2006

Stepto here again. We’ve just posted the advisory on the PowerPoint vulnerability. It can be found here: http://www.microsoft.com/technet/security/advisory/922970.mspx S. *This posting is provided “AS IS” with no warranties, and confers no rights.*

Information on the recent Powerpoint vulnerability.

Friday, July 14, 2006

Stepto here. We’ve been made aware of a vulnerability affecting PowerPoint that we wanted to let you know about, that appears to be involved in very targeted attacks. Like most of the recent Office vulnerabilities we’ve seen, a user must first open a malicious document that is sent as an email attachment or otherwise provided to them by an attacker.

Information for SUS 1.0 Users about Tuesday's Release

Wednesday, July 12, 2006

I wanted to let you know of another issue that has popped up. We received reports a few hours ago that users of SUS 1.0 were not being offered security updates for Windows 2003 for the bulletins we just released yesterday. We just pushed the fix for this issue live. That means that all SUS 1.

Follow-up Information on Today's Release

Tuesday, July 11, 2006

Two blog entries in one day. Not what I intended, honest. Those of you that use SMS or WSUS have probably been struggling with the download of WSUSscan.cab. The reason for the delay is that we had problems in our virus scanning labs right before the cab gets pushed live. The issue was resolved and the new cab for the July security release is now live.

July 2006 security update release.

Tuesday, July 11, 2006

Today we released 7 new security bulletins. We had some publishing issues pop up this morning that I think you should be aware of. The below items went live a bit later than the normal 10AM-ish time. We are working on getting these items live and you should start seeing them soon.

Information about claims about unchecked boundary condition vulnerability in Word

Monday, July 10, 2006

Hello, this is Mike Reavey. I wanted to take a moment and pass on some information about a claim that was posted late Friday about a possible unchecked boundary condition vulnerability in Microsoft Word. The claim was that this could enable an attacker to execute malicous code by convincing a user to open a malformed Word document.

July 2006 Advanced Notification

Thursday, July 06, 2006

Hello, This is Christopher Budd. It’s the Thursday before the second Tuesday of the month, and that means we’ve posted our Advanced Notificationfor the July 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on July 11, 2006 at approximately 10:00 am PT we are slated to release seven new security bulletins:

Month Archives: July 2006