Wednesday, April 21, 2010
Hi, MS10-025 is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks seeking to exploit this issue and are targeting a re-release of the update for next week.
Monday, April 19, 2010
The XSS Filter related Blackhat EU presentation discussed a vulnerability that was previously disclosed and addressed in the January security update to Internet Explorer (MS10-002). This attack scenario involved modified HTTP responses, enabling XSS on sites that would not otherwise be vulnerable. An additional update to the IE XSS Filter is currently scheduled for release in June.
Friday, April 16, 2010
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Group Manager, Response Communications Website: TechNet/security Chat Topic: April 2010 Security Bulletin Release Date: Tuesday, April 13, 2010 Q: Are the MS10-023 and MS10-028 updates available via Window Server Update Services (WSUS)? They were not listed in KB894199, or as an exception by KB910723?
Tuesday, April 13, 2010
Hi everyone, Today, as part of our monthly security update cycle, we are releasing ** 11 security bulletins to address 25 vulnerabilities: five rated Critical, five rated Important and one rated Moderate. This month’s release affects Windows, Microsoft Office, and Microsoft Exchange. Additionally, the Malicious Software Removal Tool (MSRT) was updated to include Win32/Magania.
Monday, April 12, 2010
4/13/2010 Update: The migration to the new mail system has not gone fully as planned but the good news in our update today is that we “will” be using a microsoft.com email address to send the security notifications to customers. The bad news is that PGP signing is not working correctly in the new system so the mailers going out today announcing our security bulletin release will not be signed.
Thursday, April 08, 2010
Hi everyone, Our ANS (Advance Notification Service) went out today informing customers that next Tuesday we will release 11 bulletins addressing 25 vulnerabilities in Windows, Microsoft Office, and Microsoft Exchange. We recommend that customers review the ANS summary page and prepare to test and deploy the bulletins as quickly as possible.
Wednesday, April 07, 2010
Hi everyone, I am just writing to formally announce that we have launched a Twitter account: @MSFTSecResponse We will use this account to augment the content here on the blog. For example, we will use the account to rapidly respond to emerging issues while we are gathering information for a more complete blog post.
Monday, April 05, 2010
Hi everyone, Last week Adrian Stone and I conducted a webcast to cover the Internet Explorer out-of-band security bulletin release. We only spent a short period of timing on the presentation and then spent the rest of the time answering customer questions which you can read here. There were some interesting questions and hopefully those who attended came away with a better understanding about how to better protect themselves from emerging threats.
Tuesday, March 30, 2010
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Group Manager, Response Communications Website: TechNet/security Chat Topic: March 2010 Out-of-Band Security Bulletin Date: Tuesday, March 30, 2010 Q: CVE-2010-0483 , like CVE-2010-0806 , is a remote code executable vulnerability with an exploit code that has been published and publicly available since March 1, 2010.
Tuesday, March 30, 2010
Hi everyone, Today we released MS10-018 out-of-band due to increases in attacks against Internet Explorer 6 and Internet Explorer 7 using the vulnerability discussed in Security Advisory 981374. I want to reiterate that Internet Explorer 8 is not affected by this issue so customers using this version are not affected by these attacks and we continue to encourage customers to upgrade to the newer version because it provides more security and protection.
