MSRC

August 2009 Bulletin Release

Tuesday, August 11, 2009

Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note that five of the six critical updates also have an Exploitability Index rating of “1” which means that we could expect there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release.

• ActiveX
• Attack
• Defense-in-depth
• Exploitability
• Exploitability Index
• Internet Explorer (IE)
• Risk Assessment
• Security Advisory
• Security Bulletin
• Security Update
• Video

August 2009 Advance Notification

Thursday, August 06, 2009

Advance Notification for the August 2009 Security Bulletin Release In this month’s Advance Notification we are making customers aware that next Tuesday August 11th we plan to release 9 security bulletins at approximately 10:00 a.m. PDT (UTC -8). Those bulletins consist of: · 8 bulletins affecting Windows four of which are rated critical and four are rated as important.

• Security Bulletin
• Security Update

Security Bulletin Webcast Q&A - OOB July 2009

Wednesday, July 29, 2009

Hosts: Christopher Budd, Security Program Manager Jonathan Ness, Security Development Lead Website: TechNet/security Chat Topic: July 2009 OOB Security Bulletin Date: Tuesday, July 28, 2009** Q: After applying MS09-035 will end users see any changes to their user interface that would be unusual or different to normal when working with ActiveX controls in Internet Explorer?

• Pages
• Security Update Webcast Q & A

Security Bulletin Webcast Questions and Answers – Out-Of-Band July 2009

Wednesday, July 29, 2009

Hi, In conjunction with the Microsoft July 2009 Out-of-Band Bulletin release, we conducted two public webcasts to assist customers. During these webcasts, we were able to address 60 questions in the time allotted. The questions centered primarily on MS09-034: the Internet Explorer Cumulative Update Bulletin and MS09-035: the Visual Studio Bulletin.

Microsoft Security Advisory 973882, Microsoft Security Bulletins MS09-034 and MS09-035 Released

Tuesday, July 28, 2009

Today, we’re releasing guidance and security updates to help better protect customers from responsibly reported security vulnerabilities discovered in the Microsoft Active Template Library (ATL). Because libraries function as building blocks that can be used to build software, vulnerabilities in software libraries can be complex issues and benefit from what we call community based defense – broad collaboration and action from Microsoft, the security community and industry.

Advance Notification for July 2009 Out-of-Band Releases

Friday, July 24, 2009

We have just published our advance notification for an out-of-band security bulletin release, with a target of 10:00 AM Pacific Time next Tuesday, July 28, 2009. While this release is to address a single, overall issue, in order to provide the broadest protections possible to customers, we’ll be releasing two separate security bulletins:

• Internet Explorer (IE)
• Security Bulletin
• Security Update

Monthly Security Bulletin Webcast Q&A - July 2009

Wednesday, July 15, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: July 2009 Security Bulletin Date: Wednesday, July 15, 2009 Q: How is Fix-It different from a security bulletin? A: A Fix-It will automatically apply a workaround to address a particular issue. A bulletin provides a comprehensive update to address the root cause of vulnerability.

• Pages
• Security Update Webcast Q & A

Security Bulletin Webcast Video, Questions and Answers – July 2009

Wednesday, July 15, 2009

Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components). There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed the Fix it workaround in the advisory, do I need to uninstall it before installing the update in the bulletin?

• ActiveX
• Killbit
• Security Advisory
• Security Bulletin
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A
• Video

July 2009 Bulletin Release

Tuesday, July 14, 2009

Summary of Microsoft’s monthly security bulletin release for July 2009. This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days.

• Exploitability Index
• Security Advisory
• Security Bulletin
• Security Update
• Video

Microsoft Security Advisory 973472 Released

Monday, July 13, 2009

Hi Everyone, This is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain the same user rights as the local user.

• ActiveX
• Microsoft Active Protections Program (MAPP)
• Microsoft Office
• Security Advisory
• Workarounds