Thursday, October 08, 2009
Advance Notification for the October 2009 Security Bulletin Release For October we are releasing 13 bulletins (eight critical and five important), addressing 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Most of these updates require a restart so please factor that into your deployment planning.
Friday, September 11, 2009
In the September 2009 security bulletin webcast, it was clear that customers had a lot of concerns about MS09-048 as almost half the questions we answered were on that topic. The questions and answers from the session are now posted here on the blog. As we mentioned in the webcast, The MS09-048 bulletin has been updated to call out Windows XP in the affected products list with a severity rating of low for the two Denial-of-Service vulnerabilities (the third, Remote Code Execution vulnerability, does not affect XP).
Thursday, September 10, 2009
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: September 2009 Security Bulletin Date: Wednesday, September 9, 2009 Q: For MS09-048 how do we mitigate this with Windows 2000 Server since Microsoft will not be producing a patch? Do we have any prescriptive guidance?
Tuesday, September 08, 2009
We’ve just released Microsoft released Security Advisory 975497 that provides information about a new, irresponsibly reported vulnerability in SMB 2.0. Our investigation has shown that Windows Vista, Windows Server 2008 and Windows 7 RC are affected by this vulnerability. Windows 7 RTM, Windows Server 2008 R2, Windows XP and Windows 2000 are not affected by this vulnerability.
Tuesday, September 08, 2009
Summary of Microsoft’s Security Bulletin Release for September 2009 Hello again, This month we released five critical bulletins to address vulnerabilities in Windows and protect customers from two types of threats: 1. Browser based attacks where websites hosting malicious code attempt to compromise visitors. This includes MS09-045, MS09-046 and MS09-047.
Thursday, September 03, 2009
Hi Everyone, Today we updated Security Advisory 975191 as we are now seeing limited attacks. Additionally, a new proof of concept published allowing for Denial of Service (DoS) attacks on Windows XP and Windows Server 2003 with read access to the File Transfer Protocol (FTP) service. This does not require Write access.
Wednesday, September 02, 2009
Advance Notification for the September 2009 Security Bulletin Release This month we will be releasing 5 security bulletins, all affecting Windows, and all with an aggregate severity rating of critical. As always, the target for release is the second Tuesday of the month at 10:00 a.m. PDT (UTC -8). Please check back here at that time as we will be posting our risk and impact assessment, a new deployment prioritization table and an overview video.
Tuesday, September 01, 2009
Hi Everyone, This is Alan Wallace, senior communications manager for our security response communications team. Today, Microsoft released Security Advisory 975191, to provide customer guidance and protection from a vulnerability that could allow remote code execution on affected systems running the FTP service in Microsoft Internet Information Services (IIS) 5.0, 5.
Friday, August 14, 2009
As we do every month on the Wednesday following our standard second Tuesday security bulletin release, we conducted a live webcast where Adrian Stone and myself went through the bulletins in detail and then answered customer questions with the help of several subject matter experts (SMEs). It is apparent that there is still a bit of confusion around the Active Template Library (ATL) issue and how current updates relate to work we have already done to provide mitigations, protections and guidance to customers.
Thursday, August 13, 2009
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: August 2009 Security Bulletin Date: Wednesday, August 11, 2009** Q: Regarding the re-release of MS09-029. Why it was re-released? Is it recommended to install? A: This update was re-released to correct an issue affecting the print spooler in certain circumstances.
