Skip to main content

Month Archives: October 2006

Microsoft Security Advisory (927709) Posted

Tuesday, October 31, 2006

Hello, Christopher Budd here. Very quickly, I wanted to let people know that we just posted Microsoft Security Advisory (927709) that talks about public proof of concept code published on an issue in the WMI Object Broker ActiveX control. We are aware of the possibility of limited attacks that are attempting to use the reported vulnerability.

Information on New Address Bar Issue

Monday, October 30, 2006

Hello, This is Christopher Budd. We’ve gotten some questions from customers about a new public claim of a spoofing vulnerability affecting IE 7. Because Microsoft had previously determined that this actually isn’t a security vulnerability, there has been some confusion over these new reports. So, I wanted to take a moment and explain what’s going on here to help people understand the issue.

ADODB.Connection POC Published.

Thursday, October 26, 2006

Hi Everyone Scott here from the MSRC operations team with a real quick update, I wanted to let everyone know that we are fully aware of the recent Proof of Concept (POC) code posting regarding ADODB.Connection. We have initiated our Software Security Incident Response Process to investigate this issue. Once we have completed the investigation and understand if there is a threat to customers we will take the appropriate action to protect and provide guidance – as required.

IE Address Bar Issue

Wednesday, October 25, 2006

Hello, This is Christopher Budd. I wanted to take a moment and let people know some information about a new public report about a possible vulnerability in Internet Explorer we’ve received today. As soon as we learned of the report we started an investigation into the issue and we have some information we can share on this.

BlueHat v.4 -- shipped!

Monday, October 23, 2006

Sarah Blankinship here. I’m in the Security Technology Unit (STU), a group responsible for product security at Microsoft. One of the STU’s charters is securing products we have and have not shipped yet. So what is BlueHat? A hacker conference? A way to lure unsuspecting researchers to Microsoft? The /. comments and speculation about our real motivation for hosting hackers at Microsoft are ever entertaining, however BlueHat is about providing a consistent forum for presenting cutting-edge research, for understanding issues that affect both Microsoft and the entire industry, and great way to inform and educate our developer population.

Information on re-release of MS06-061

Thursday, October 19, 2006

¡Hola everyone!, Ben Richeson here. I just want to take a quick moment here to introduce myself as one of the newest members to the MSRC as well as to post (my first blog entry!) about an update to MS06-061. Today, MS06-061 has been re-released to re-offer a revised version of the security update to customers with Windows 2000 Service Pack 4 only.

Information on Reports of IE 7 Vulnerability

Thursday, October 19, 2006

Hi, this is Christopher Budd. We’ve gotten some questions here today about public reports claiming there’s a new vulnerability in Internet Explorer 7. This is an issue that we have under investigation and so we have some technical information we can share about the issue. These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all.

PoC published for MS Office 2003 PowerPoint

Thursday, October 12, 2006

Hey everyone this is Alexandra Huft, I wanted to let you know that we’ve been made aware of proof of concept code published publicly affecting Microsoft Office 2003 PowerPoint. We are currently investigating this report. The reported proof of concept may allow an attacker to execute code on a user’s machine by convincing them to open a specially-crafted PowerPoint file.

October 2006 Bulletin Release

Tuesday, October 10, 2006

Hey everyone, Craig Gehre here. We’re in the process of releasing our October 2006 Security Bulletins and I wanted to go ahead and update you on it. We’re releasing ten new Security Bulletins this month: MS06-056 addresses a vulnerability in Microsoft Windows and has a maximum severity rating of Moderate.

October 2006 Advance Notification

Thursday, October 05, 2006

Hello, This is Christopher Budd. It’s the Thursday before the second Tuesday and so I wanted to go ahead and let people know that we’ve posted our Advance Notificationfor October 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on October 10, 2006 at approximately 10:00 am PT we are slated to release eleven new security bulletins: