Friday, October 17, 2008
Register now for the Novemberr 2008 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: October 2008 Security Bulletin Date: Wednesday, October 15, 2008 Q: What is the difference between Microsoft Update and Windows Update as patch mechanisms?
Friday, October 17, 2008
Hi, During this month’s webcast we were able to address 18 questions in the time allotted. The questions were spread fairly evenly across all bulletins, as well as the Exploitability Index that was released for the first time with this Bulletin Release Cycle. Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:
Tuesday, October 14, 2008
Hello Everyone! This is Steve Adegbite. I am new to the MSRC Crew. I work with Simon and Tami to help manage Microsoft’s security update releases. I also help with Microsoft’s Partner outreach effort and the Microsoft Active Protections Program (MAPP). So from time to time you will be hearing from me.
Monday, October 13, 2008
Hi this is Christopher Budd, We received some questions from customers about an e-mail that’s circulating that claims to be a security e-mail from Microsoft. The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe.
Monday, October 13, 2008
I’m Dustin, a Security Program Manager in the Microsoft Security Response Center (MSRC). We have received a few questions regarding a public issue and we wanted to update you on the status of how we plan to address it. The issue revolves around Security Advisory 951306. We originally posted this advisory in March as a result of an issues discussed publicly that described a method of using system tokens to elevate privileges on Windows XP and 2003 systems.
Thursday, October 09, 2008
Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Oct. 14, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
Thursday, October 09, 2008
Hello, Bill here, I wanted to let you know that we have just updated Microsoft Security Advisory (951306). Exploit code has been published on the Internet for the vulnerability addressed by this Advisory. Our investigation has shown that it does not affect customers who have applied the workarounds listed in the Advisory.
Friday, September 12, 2008
Register now for the September 2008 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: September 2008 Security Bulletin Date: Wednesday, September 9, 2008 Q: Are there any issues between Microsoft and Altiris that is delaying the availability of this month’s bulletins?
Friday, September 12, 2008
Hi, During this month’s webcast we were able to address 22 questions in the time allotted. The majority of the questions were regarding the GDI+ update (bulletin number MS08-052). We strongly recommend that you review the bulletin in detail for specific information regarding bulletins superseded by MS08-052, and affected products. Additionally, you will want to review the detection and deployment section to further understand how this update impacts your environment.
Tuesday, September 09, 2008
I’m Simon, Release Manager in the MSRC. The September 2008 release contains 4 new bulletins, all with maximum severities of “Critical”. MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) MS08-053 Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) MS08-054 Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
