Skip to main content
MSRC

msrc

A few thoughts on the WMF vulnerability

Friday, December 30, 2005

Hi folks- this is Kevin Kean from the MSRC, writing what may just be my last MSRC blog entry for 2005. This morning we noticed that there are some people who are still looking for more information about the Windows Metafile (WMF) vulnerability that we issued a security advisory for on Wednesday.

A few thoughts on the WMF vulnerability

Friday, December 30, 2005

Hi folks- this is Kevin Kean from the MSRC, writing what may just be my last MSRC blog entry for 2005. This morning we noticed that there are some people who are still looking for more information about the Windows Metafile (WMF) vulnerability that we issued a security advisory for on Wednesday.

New Security Advisory for Possible Windows Vulnerability

Wednesday, December 28, 2005

Hi everyone, Stephen Toulouse here. Just wanted to make everyone is aware that this evening the MSRC posted a security advisory regarding a possible vulnerability affecting the Graphics Rendering Engine in Windows. The MSRC has made some additional information and guidance available to customers which you can read more about here.

Script for SUS 1.0 problem released

Tuesday, December 20, 2005

Hi everyone, Stephen Toulouse here. We’ve released the script to help address the SUS 1.0 issue Craig mentioned earlier to the download center. We’ve also updated the KB article that details the problem, click here to zoom straight to the section on the new script that is available. S. *This posting is provided “AS IS” with no warranties, and confers no rights.

Todays updates and SUS 1.0

Tuesday, December 13, 2005

Hi everyone. One tired Release Manager Craig here. Today we released 2 new bulletins, details below. But a quick note: For the SUS 1.0 Admins, you may be experiencing some problems with all your previously approved updates are now showing up as “unapproved”. This doesn’t impact the update level of your SUS clients, or the ability to deploy today’s updates with SUS 1.

December Advance Notification

Thursday, December 08, 2005

Stephen Toulouse here gang. The Advance Notification for the security bulletin release for this month has posted. This coming Tuesday, we’re planning to release two security bulletins affecting Microsoft Windows. The maximum total severity rating for this month is Critical, so please update systems as soon as possible when the bulletins are available this coming Tuesday.

Some info on the "cross-site scripting" issue affecting Internet Explorer

Wednesday, December 07, 2005

We’ve received some questions regarding a reported cross-site scripting (XSS) issue affecting Internet Explorer. Google Desktop was used in a proof of concept to demonstrate how, in some cases, this issue could allow an attacker to obtain sensitive information. This issue may be a bit confusing because it is not really an XSS issue.

Update to our recent advisory

Tuesday, November 29, 2005

Hi everyone, I’ve been working on my IT Forum update recapping our trip to Barcelona. But I wanted to go ahead and let you know some breaking information. We’ve been made aware that there has been some malicious software exploiting the recently publicly disclosed Internet Explorer vulnerability. We have just updated our security advisory to reflect this new information, and wanted to let you know that you can visit Windows Live Safety Center if you think you might be infected as a result of this vulnerability.

New Security Advisory posted for IE Issue

Monday, November 21, 2005

Stephen Toulouse here. Just wanted to make everyone aware that this evening we’ve posted a security advisory regarding a publicly disclosed issue in Internet Explorer. You can read all the details here. S. *This posting is provided “AS IS” with no warranties, and confers no rights.*

Disabling an ActiveX

Thursday, November 17, 2005

Hello readers, Mike Reavey here. There has been a fair amount of attention around the ”Sony XCP software” over the last many days. As you may know from the anti-malware blog, Windows Defender and Windows AntiSpyware Beta have included detection and removal for the rootkit component of this software. However, there are also some questions regarding the ActiveX control that was released by Sony to allow the removal of the rootkit.