Thursday, September 13, 2007
Hi everyone. Ben from the MSRC here. I am the case manager that handled the Crystal Reports for Visual Studio Bulletin, MS07-052, and I wanted to let you know that today we updated our detection and deployment logic for that bulletin. First, I want to note that we’re not making any changes to the update itself given it protects against the vulnerability discussed in the bulletin.
Wednesday, September 12, 2007
Hi everyone. Jonathan from the SWI team in the MSRC here again. I’d like to give some more detail around the conditions required to exploit MS07-054, the vulnerability in MSN Messenger and Windows Live Messenger. You can read from the bulletin that MS07-054 affects MSN Messenger 6.2, 7.0, 7.5 and Windows Live Messenger 8.
Tuesday, September 11, 2007
Hello, This is Christopher Budd. I wanted to go ahead and let you know that we’ve posted our bulletins for the September 2007 monthly release. This month we’ve released: MS07-051: This bulletin addresses a vulnerability in Microsoft Agent on Windows 2000 only. This bulletin is rated “Critical”.** MS07-052: This bulletin addresses a vulnerability in Crystal Reports which shipped with some versions of Visual Studio.
Thursday, September 06, 2007
Hello, This is Christopher Budd and today is the Thursday before the scheduled September 2007 bulletin release on Tuesday Sept. 11, 2007. As we do each month, as part of our processes to help make security updates more predictable and assist with your planning, we’ve posted our Advance Notification with preliminary information about next week’s release.
Thursday, August 23, 2007
Hi everyone. Jonathan from the SWI team in the MSRC here. My team researches potential mitigations and workarounds as part of the comprehensive investigations we do for each security bulletin. We regularly discover information that could help customers better understand how to protect themselves via mitigations and workarounds. This month, I wanted to give you information about the Virtual PC and Virtual Server bulletin and some “best practices” guidance to help protect yourself from this class of vulnerability.
Monday, August 20, 2007
Hello everyone this is Christopher Budd. We’ve been getting questions from customers about a posting that Skype made today about a recent service outage they experienced on August 16, 2007. Specifically, we have questions from customers looking for clarification about the role Windows Update and this month’s release played in that situation, if any.
Tuesday, August 14, 2007
August 2007 Monthly Bulletin Release I’m Simon, Release Manager in the MSRC. The August release contains 9 new bulletins, 6 of which have maximum severities of “Critical”. MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Thursday, August 09, 2007
Hello, This is Christopher Budd. Today, August 9, 2007 is the Thursday before the scheduled August bulletin release day, August 14, 2007. As we do each month, today we’ve posted our Advance Notification for the August 2007 release. Next Tuesday, we’re currently planning to release nine security bulletins: · Six Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical.
Thursday, July 19, 2007
Hey, Andrew Cushman here. It’s that time of year again. The kids are out of school, most folks are planning for that August vacation, and the MSRC (and Microsoft) are headed to Vegas for Black Hat. This year’s event will be a new experience for me. Although I’ve been to lots of Black Hat conferences – this is the first time I go wearing both hats of director of MSRC and director of outreach to the security community.
Tuesday, July 10, 2007
July 2007 Monthly Release Hello everyone, This is Christopher Budd and I wanted to let you know that we’ve posted our bulletins for the July 2007 monthly release. This month, we’ve released six new bulletins. Three of these have a maximum severity of Critical MS07-036: This security update resolves three vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file.
