Friday, December 12, 2008
Hi this is Christopher Budd, I wanted to give you a quick update on a couple of new things today related to Microsoft Security Advisory 961051. We’ve made another revision to the advisory today. Our research teams are working around the clock to help identify better, more effective workarounds to give customers more options to evaluate and we’ve updated the advisory with the latest information from their research.
Thursday, December 11, 2008
Hello, This is Christopher Budd, We’ve just posted a revision to Microsoft Security Advisory (961051) with the latest information from our ongoing work around this issue. While the known attacks are only targeting Internet Explorer 7, we have found that the underlying vulnerability affects all currently supported versions of Internet Explorer.
Wednesday, December 10, 2008
Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (961051). This advisory contains information regarding new attacks against a new vulnerability in Internet Explorer. At this time, we are aware of limited attacks attempting to use the reported vulnerability, but we will continue to track this issue.
Tuesday, December 09, 2008
Hi, This is Christopher Budd. I wanted to let you know that we’ve just released our security bulletins for December. The new bulletins for this month are: · MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical” · MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”
Thursday, December 04, 2008
Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Dec. 9, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
Tuesday, November 25, 2008
Hi, this is Bill Sisk A while back we discussed the fact that we’re likely to see new pieces of malware over the coming weeks that exploit the vulnerability resolved in MS08-067. Recently we’ve received a string of reports from customers that have yet to apply the update and are infected by malware.
Friday, November 14, 2008
Register now for the December 2008Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: November 2008 Security Bulletin Date: Wednesday, November 11, 2008 Q: Along with the expected updates, my Windows Server Update Services (WSUS) servers picked up KB948110, an update for SQL Server 2000 Service Pack 4, during the same sync on Wednesday morning.
Friday, November 14, 2008
Hi, During this month’s webcast we were able to address 12 questions in the time allotted. The questions were spread fairly evenly across both bulletins. We also fielded questions regarding the Exploitability Index and the MS08-067 form the October Out-of-Band Release. Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:
Tuesday, November 11, 2008
Hi, this is Christopher Budd. We’ve received some questions from customers about MS08-068 and its relationship to an issue that was first discussed in 2001, called the SMBRelay attack. Specifically, we’ve gotten some questions about why, in 2008, we’re releasing an update that addresses an issue first discussed in 2001. Since I was in the MSRC back in 2001 when this was all first discussed, I feel well placed to answer that.
Tuesday, November 11, 2008
Hi! This is Tami Gallupe, MSRC Release Manager and I just wanted to give you an update on the two bulletins we released today: • MS08-068: Vulnerability in SMB Could Allow Remote Code Execution (957097). This has a severity rating of Important. • MS08-069: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218).
