Thursday, April 17, 2008
Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (951306). This advisory contains information regarding a new public report of a vulnerability within Microsoft Windows which allows for privilege escalation from authenticated user to LocalSystem. Our investigation has shown that this vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
Tuesday, April 08, 2008
April 2008 Monthly Bulletin Release I’m Simon, Release Manager in the MSRC. The April 2008 release contains 8 new bulletins, 5 of which have maximum severities of “Critical”. MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
Thursday, April 03, 2008
Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, April 8, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
Monday, March 24, 2008
Hi there, This is Mike of the MSRC, The case of the MDB attack vector The MSRC on Friday afternoon posted an advisory about limited, targeted attacks using JET database files, commonly referenced as file type MDB. Many of you probably remember that MDB files are on the unsafe file type list (http://support.
Friday, March 21, 2008
Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (950627). This advisory contains information about a very limited, targeted attack exploiting a vulnerability in Microsoft Jet Database Engine. Our initial investigation has shown that this vulnerability affects customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007 and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.
Wednesday, March 19, 2008
Hello, this is Tim Rains. Very quickly, I wanted to let you know that we’ve just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only. The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function).
Thursday, March 13, 2008
Bill here. I wanted to let you know that we have updated bulletin MS08-014 to provide additional information on a newly identified issue that causes Microsoft Excel 2003 calculations to return an incorrect result when a Real Time Data source is used. The issue affects a specific scenario and may not affect you.
Tuesday, March 11, 2008
Wow! It is already the 2nd Tuesday of the month, and with it comes the announcement of some new bulletins! This is Tami Gallupe, MSRC Release Manager, and I just wanted to let you know that we just posted our March 2008 Bulletins. We released four bulletins today, all are for Office and all have a maximum severity rating of Critical.
Thursday, March 06, 2008
Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, March 11, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
Tuesday, February 12, 2008
February 2008 Monthly Bulletin Release I’m Simon, Release Manager in the MSRC. The February 2008 release contains 11 new bulletins, 6 of which have maximum severities of “Critical”. MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538) MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
