Skip to main content
MSRC

Month Archives: May 2009

Security Bulletin Webcast Video, Questions and Answers – May 2009

Friday, May 15, 2009

In the May 2009 security bulletin webcast, we addressed several questions relating to MS09-017 in addition to questions about WSUS and MBSA. For those questions that came in after we concluded the webcast, we have provided answers in the published Q&A which you can find here: http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-May-2009.aspx Also, here is the link to the Q&A index page in case you want to view previous months:

Read More

Dune Busting and Browser Fun at HITB – Dubai

Wednesday, May 13, 2009

Hi, Billy Rios here, I was recently invited to speak at Hack in the Box (HITB) in Dubai. While at HITB, I participated in two different talks, but I’m going to focus on the talk Chris Evans and I co-presented: “Cross Domain Leakiness.” Chris Evans is a security lead for Google’s Core Security team.

Read More

Hack in the Box, and beyond…

Wednesday, May 13, 2009

** Handle: EcoStrat’s All-Stars IRL: TwC Security All-Star Guest Bloggers Likes: Security, Vulnerability Research & Science, Defense and Responsible Disclosure Dislikes: 0-day, FUD ** Marhaban! Maarten Van Horenbeeck here from the Microsoft Security Response Center (MSRC). This is the first time I have blogged here on EcoStrat. As a Security Program Manager with MSRC, one of the roles I have is to work with security researchers, and this often involves attending security conferences to meet with you.

Read More

May 2009 Bulletin Release

Tuesday, May 12, 2009

Summary of Microsoft’s monthly security bulletin release for May 2009. Today we released one security bulletin, MS09-017, affecting our PowerPoint products. This update addresses several vulnerabilities including the issue described in Microsoft Security Advisory 969136. In that advisory, we noted that we were aware of limited, targeted attacks. The security of our customers is important to us and due to these active attacks, we have released the updates for one product line (all versions of Microsoft Office for Windows) so that the majority of our customers can protect their systems.

Read More

MS09-017: An out-of-the-ordinary PowerPoint security update

Tuesday, May 12, 2009

Security update MS09-017 addresses the PowerPoint (PPT) zero-day vulnerability that has recently been used in targeted attacks. We issued security advisory 969136 with workarounds on April 2nd after we first saw the exploits in-the-wild abusing this vulnerability. We also published an SRD blog entry describing how to analyze exploits and an MMPC blog entry with more details about the exploits we had seen.

Read More

Capt I.M. Hardened OS-Microsoft

Friday, May 08, 2009

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run Hey, Steve here. Just finally settling back in after traveling a bit, meeting up with different parts of the security ecosystem.

Read More

May 2009 Advance Notification

Thursday, May 07, 2009

Summary of the May 2009 Advance Notification for the 5/12/2009 security bulletin release. Today we are letting customers know that next week we will be releasing one security bulletin affecting Microsoft Office PowerPoint with an aggregate severity rating of critical. Customers should review the Advance Notification and prepare appropriately for deployment.

Read More