Tuesday, November 15, 2005
Stephen Toulouse here. I just finished my presentation on the Microsoft Security Response Center here at IT Forum. It was a good talk and I got some great feedback on our security efforts. I also snapped some pics! Here’s here’s the room I presented in before they let people in, here’s the Microsoft booth, here’s the MSRC booth, here’s the ask the experts section, and here’s the exhibition floor just before they opened it.
Saturday, November 12, 2005
Hi everyone, Stephen Toulouse here. I’m typing these words at a speed of about 560 miles an hour currently over the northwest portion of Canada. I’m flying the night time SAS flight from Seattle to Europe for IT Forum in Barcelona and just had to blog. They have Connexion by Boeing on this flight.
Thursday, November 10, 2005
Stephen Toulouse here! Just wanted to let you know that last night we posted a detailed security advisory on the Macromedia Flash Player vulnerability. You can check it out here. Also, the SUS 1.0 problem with Tuesday’s update has been addressed and it’s online. Just to let you know, we had an unforeseen problem with a machine that handles creating those packages and we’re investigating how we can prevent such things in the future.
Wednesday, November 09, 2005
Sup folks, Craig here. Remember what I said about that Murphy guy? Well we’ve run across an issue affecting SUS 1.0 that we’re investigating whereby the update can’t be deployed. We hope to have a resolution soon on it. WSUS and other deployment tools are unaffected. We’ll post more as soon as we can.
Tuesday, November 08, 2005
Craig here. One bulletin. No big whoop right? Impossible. Someone needs to knock that Murphy dude around, because his laws are not cool. Anyways we got the bulletin out. Detection and Deployment will be like most other Windows bulletins. Windows and Microsoft Update, SMS, SUS, and MBSA are all there for you.
Monday, November 07, 2005
Hi everyone, Stephen Toulouse here. There’s been some questions regarding a recent security vulnerability in Macromedia Flash Player, which is a third party product that shipped with Windows XP Service Pack 1 and Windows XP Service Pack 2. The MSRC is in communication with Macromedia, and we know that Macromedia has made an update available on their website.
Thursday, November 03, 2005
Stephen Toulouse here subbing for “Iron” Mike Reavey who is out of the office. We’ve posted the Advance Notification for the security bulletin release for this month. This coming Tuesday, we’re planning to release one security bulletin affecting Microsoft Windows. The maximum total severity rating for this month is Critical, so please update systems as soon as possible when the bulletin is available this coming Tuesday.
Wednesday, November 02, 2005
Hi gang. Stephen Toulouse here. Just wanted to make you aware of some minor changes we have made to some bulletins today. MS05-038 and MS05-052 contain a number of defense-in-depth changes to the overall functionality of Internet Explorer. These changes were done mostly for security reasons, removing potentionally unsafe functionality and making changes to how Internet Explorer handles ActiveX controls.
Monday, October 31, 2005
Hi everyone, Stephen Toulouse here. One of the security researchers that the MSRC works with, Cesar Cerrudo of Argeniss, has pointed out that update MS05-018 fixed an entry point to a vulnerable function without addressing the vulnerable function itself. Some people have called this a “dumb patch” and stated that MS05-049, where we addressed some other vulnerabilities and at the same time addressed the actual vulnerable function, was the proper fix.
Thursday, October 20, 2005
Hey Andrew Cushman here. I work in the Security Technology Unit. My team is focused on outreach to the security researcher community. Our roots are in MSRC – we started a couple years ago focused on “finders” (researchers that report bugs to MSRC). The goal was to figure out how those researchers and Microsoft could communicate and work together more effectively.
