Skip to main content
MSRC

Month Archives: July 2010

Coordinated Vulnerability Disclosure: Bringing Balance to the Force

Wednesday, July 21, 2010

Today on the [MSRC blog,](«http://blogs.technet.com/b/msrc/archive/2010/07/22/announcing-coordinated-vulnerability-disclosure.aspx> >) Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated Vulnerability Disclosure. I wanted to provide some context and history on how this came about. This post is about changing the way we at Microsoft talk about some familiar disclosure concepts, and is meant as an introduction to how Microsoft would like to engage with researchers.

Read More

July 2010 Security Bulletin Webcast

Wednesday, July 21, 2010

Hi, During the July 2010 webcast, we fielded questions varying from the re-release of MS10-024 to answers for the error messages received during the application of MS10-041 and more. Click hereto review the full Q&A page so you can see all of the answers that were provided for these and the other great questions from the July webcast.

Read More

Security Advisory 2286198 Updated

Tuesday, July 20, 2010

We’ve just updated Microsoft Security Advisory 2286198 to let customers know that we now have an automated “Fix It” available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198, but in summary running the “Fix It” can help prevent attacks attempting to exploit this vulnerability.

Read More

Security Advisory 2286198 Released

Friday, July 16, 2010

Hi everyone, We have released Security Advisory 2286198, which addresses a publicly reported vulnerability in Windows Shell. Microsoft has found that this vulnerability is most likely to be exploited through removable drives. Currently, we have seen only limited, targeted attacks on this vulnerability. In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware, a threat family already known to the Microsoft Malware Protection Center.

Read More

July 2010 Security Bulletin Release

Tuesday, July 13, 2010

Hi everyone. As part of our usual monthly update cycle, today Microsoft is releasing four security bulletins to address five vulnerabilities in Windows and Microsoft Office. MS10-042 resolves a publicly disclosed and actively exploited vulnerability discussed in Security Advisory 2219475. The update addresses an issue in the Windows Help and Support Center feature included in Windows XP and Windows Server 2003.

Read More

MS10-045: Microsoft Office Outlook Remote Code Execution vulnerability

Tuesday, July 13, 2010

Today we released the fix for CVE-2010-0266, an Important severity vulnerability in Microsoft Office Outlook. Yorick Koster working with the SSD/SecuriTeam Secure Disclosure program reported this issue. What’s the risk? This vulnerability enables an attacker to spoof a dangerous e-mail attachment to appear legitimate / benign. If a victim user were to open the attachment, code from a remote UNC path could execute without prior warning.

Read More