Wednesday, March 22, 2006
Hi, It’s Lennart again. Wanted to let you know that today we saw another public posting around a vulnerability in Internet Explorer. This one is different than the crash bug I wrote about earlier. The public posting speaks about createTextRange() and a way that this could be utilized to get code to run when visiting a specially crafted Web page.
Monday, March 20, 2006
Hi everyone, Lennart Wistrand here. You may have heard about an IE crashing vulnerability that was unfortunately publicly posted before the weekend. We just wanted to make a quick note here that, as always, we’re investigating it. So far we’ve determined that visiting a page that exploits it could cause IE to fail.
Tuesday, March 14, 2006
‘I want my two… bulletins’. For some reason an unrelenting paperboy’s quest for two dollars seems to echo in my mind today. It seems so small yet it is so important. Well today the MSRC released two new bulletins. One for Office and the other for Windows, more info below. The Windows one addresses an issue you may have been following via our advisories, 914457.
Thursday, March 09, 2006
Hey folks, Mike Reavey here, I wanted to take a quick second to make sure everyone saw the Advance Notification for the Security Bulletin release for March. This coming Tuesday, the 14th, we’re planning to release two security bulletins, and they are being released for Windows for Office. The maximum total severity rating for this month is Critical, so please update systems as soon as possible when they are available on Tuesday.
Tuesday, February 28, 2006
Hi everyone, Stepto here. (I’m giving up on the “Stephen Toulouse here” after many people I met at RSA greeted me as “Stepto”, but as a side note since I created the blog under “Stepto” please remember that posts made by individuals on the MSRC are made by themselves and not me.
Tuesday, February 14, 2006
Hey folks – Craig here taking a step away from the Tuesday release. So, we’ve released seven Security Bulletins today. Real quick, I wanted to give you an overview of them. * MS06-004 only applies to IE5.01 SP4 and is rated as Critical. * MS06-005 is rated critical and applies to Windows Media Player on Microsoft Windows.
Tuesday, February 14, 2006
Hey folks, Stephen Toulouse here blogging live from San Jose, at the RSA 2006 security conference. First a quick update on the MS06-007 update issue Craig mentioned earlier. This situation is now resolved and customers should be able to get the update. I want to reiterate that the problem had nothing to do with the update itself, you applied it manually from the download center or got it through SUS 1.
Monday, February 13, 2006
Hey – Brian here, As we’re gearing up for release tomorrow I wanted to take a second to discuss a recent posting of a security issue to some mailing lists. Matt Murphy, a well known security researcher posted an alert today regarding a “drag and drop” issue affecting Windows. I actually handled this case and worked with Matt.
Friday, February 10, 2006
Many of you may recognize my standard introduction from each month’s Security Bulletin Webcast. My name is Christopher Budd and I’ve been the primary technical presenter for the Monthly Security Bulletin webcast since January 2004. I’ve recently changed roles a bit and wanted to take a few minutes to introduce myself as you’ll be seeing me on this space more moving forward.
Thursday, February 09, 2006
Hey folks, Mike Reavey here, I wanted to take a quick second to make sure everyone saw the Advance Notification for the Security Bulletin release for February. This coming Tuesday, we’re planning to release seven security bulletins, and they are being released for Windows, one for Windows and Office and one for Office.
