Friday, July 24, 2009
We have just published our advance notification for an out-of-band security bulletin release, with a target of 10:00 AM Pacific Time next Tuesday, July 28, 2009. While this release is to address a single, overall issue, in order to provide the broadest protections possible to customers, we’ll be releasing two separate security bulletins:
Wednesday, July 15, 2009
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: July 2009 Security Bulletin Date: Wednesday, July 15, 2009 Q: How is Fix-It different from a security bulletin? A: A Fix-It will automatically apply a workaround to address a particular issue. A bulletin provides a comprehensive update to address the root cause of vulnerability.
Wednesday, July 15, 2009
Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components). There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed the Fix it workaround in the advisory, do I need to uninstall it before installing the update in the bulletin?
Tuesday, July 14, 2009
Summary of Microsoft’s monthly security bulletin release for July 2009. This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days.
Monday, July 13, 2009
Hi Everyone, This is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain the same user rights as the local user.
Thursday, July 09, 2009
Hi everyone, Mike Reavey here. You’ve probably seen in Jerry’s Advance Notification posting today announcing that we’re on track to release an update to address the issue discussed in Microsoft Security Advisory 972890. We’ve gotten some questions from customers about when we got the first report of this vulnerability and how long the investigation has taken relative to the outbreak of attacks against this vulnerability.
Wednesday, July 08, 2009
Advance Notification for the July 2009 Security Bulletin Release Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of: · Three Critical updates affecting Windows. · One Important update affecting Publisher.
Monday, July 06, 2009
I wanted to let you know that we have just posted Microsoft Security Advisory 972890 that discusses new, limited attacks against a Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003. Specifically, we’re aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.
Friday, June 12, 2009
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: June 2009 Security Bulletin Date: Wednesday, June 10, 2009 Q: For security update for Microsoft Excel 2000 ( KB969683), is Microsoft Office Excel 2000 Service Pack 3 the only version that is vulnerable, or is that the only version of Office that is supported and therefore the only one that the security update will work for?
Friday, June 12, 2009
During the security bulletin webcast for June 2009, we answered a wide array of questions around the 10 bulletins we released. Of primary interest to customers, based on the number of questions we received on the topic, is the RPC issue addressed by MS09-026. As this issue affects third party products that utilize RPC in Windows, customers wanted to know if there is a way to tell if their third party product was vulnerable.
