Thursday, May 06, 2010
Hi everyone, Today we published our advance notification for the May security bulletin release letting customers know that next Tuesday, May 11, we will release two Critical bulletins addressing two vulnerabilities - one in Windows and one in Office. Windows 7 and Windows Server 2008 R2 customers will be offered the Windows related update but they are not vulnerable in their default configurations.
Monday, May 03, 2010
Hi everyone, Here’s an update on MS10-016, a Windows Movie Maker bulletin we released in March 2010. At the time, we did not have an update for Microsoft Producer 2003. Today we have released a new version of Microsoft Producer that replaces the old version. We recommend that all customers using Producer 2003 upgrade to the new version located here.
Thursday, April 29, 2010
Hello. Today we released Security Advisory 983438, addressing a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0 that could allow Elevation of Privilege (EoP) within the SharePoint site itself. Servers are at reduced risk from Internet Explorer 8 clients, as the Internet Explorer 8 XSS filter helps to mitigate the issue in the internet zone.
Tuesday, April 27, 2010
Hi everyone – I’m Carlene Chmaj, new to the Security Response team and here to tell you that the re-release of MS10-025 is available. Again, this only affects those with Windows 2000 Servers in a non-default configuration with Windows Media Services installed. All customers with this configurartion are advised to install this re-released update.
Friday, April 23, 2010
I wanted to give customers an update on the status of MS10-025. First, I want to reiterate that this issue affects only Windows 2000 Servers in a non-default configuration: Windows Media Services needs to be installed. Customers who do not have Windows Media Services installed are not affected and were not offered this update.
Wednesday, April 21, 2010
Hi, MS10-025 is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks seeking to exploit this issue and are targeting a re-release of the update for next week.
Monday, April 19, 2010
The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002). This attack scenario involved modified HTTP responses, enabling XSS on sites that would not otherwise be vulnerable. An additional update to the IE XSS Filter is currently scheduled for release in June.
Friday, April 16, 2010
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Group Manager, Response Communications Website: TechNet/security Chat Topic: April 2010 Security Bulletin Release Date: Tuesday, April 13, 2010 Q: Are the MS10-023 and MS10-028 updates available via Window Server Update Services (WSUS)? They were not listed in KB894199, or as an exception by KB910723?
Tuesday, April 13, 2010
Hi everyone, Today, as part of our monthly security update cycle, we are releasing ** 11 security bulletins to address 25 vulnerabilities: five rated Critical, five rated Important and one rated Moderate. This month’s release affects Windows, Microsoft Office, and Microsoft Exchange. Additionally, the Malicious Software Removal Tool (MSRT) was updated to include Win32/Magania.
Monday, April 12, 2010
4/13/2010 Update: The migration to the new mail system has not gone fully as planned but the good news in our update today is that we “will” be using a microsoft.com email address to send the security notifications to customers. The bad news is that PGP signing is not working correctly in the new system so the mailers going out today announcing our security bulletin release will not be signed.
