Thursday, August 06, 2009
Advance Notification for the August 2009 Security Bulletin Release In this month’s Advance Notification we are making customers aware that next Tuesday August 11th we plan to release 9 security bulletins at approximately 10:00 a.m. PDT (UTC -8). Those bulletins consist of: · 8 bulletins affecting Windows four of which are rated critical and four are rated as important.
Wednesday, July 29, 2009
Hosts: Christopher Budd, Security Program Manager Jonathan Ness, Security Development Lead Website: TechNet/security Chat Topic: July 2009 OOB Security Bulletin Date: Tuesday, July 28, 2009** Q: After applying MS09-035 will end users see any changes to their user interface that would be unusual or different to normal when working with ActiveX controls in Internet Explorer?
Wednesday, July 29, 2009
Hi, In conjunction with the Microsoft July 2009 Out-of-Band Bulletin release, we conducted two public webcasts to assist customers. During these webcasts, we were able to address 60 questions in the time allotted. The questions centered primarily on MS09-034: the Internet Explorer Cumulative Update Bulletin and MS09-035: the Visual Studio Bulletin.
Tuesday, July 28, 2009
Today, we’re releasing guidance and security updates to help better protect customers from responsibly reported security vulnerabilities discovered in the Microsoft Active Template Library (ATL). Because libraries function as building blocks that can be used to build software, vulnerabilities in software libraries can be complex issues and benefit from what we call community based defense – broad collaboration and action from Microsoft, the security community and industry.
Friday, July 24, 2009
We have just published our advance notification for an out-of-band security bulletin release, with a target of 10:00 AM Pacific Time next Tuesday, July 28, 2009. While this release is to address a single, overall issue, in order to provide the broadest protections possible to customers, we’ll be releasing two separate security bulletins:
Wednesday, July 15, 2009
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: July 2009 Security Bulletin Date: Wednesday, July 15, 2009 Q: How is Fix-It different from a security bulletin? A: A Fix-It will automatically apply a workaround to address a particular issue. A bulletin provides a comprehensive update to address the root cause of vulnerability.
Wednesday, July 15, 2009
Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components). There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed the Fix it workaround in the advisory, do I need to uninstall it before installing the update in the bulletin?
Tuesday, July 14, 2009
Summary of Microsoft’s monthly security bulletin release for July 2009. This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days.
Monday, July 13, 2009
Hi Everyone, This is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain the same user rights as the local user.
Thursday, July 09, 2009
Hi everyone, Mike Reavey here. You’ve probably seen in Jerry’s Advance Notification posting today announcing that we’re on track to release an update to address the issue discussed in Microsoft Security Advisory 972890. We’ve gotten some questions from customers about when we got the first report of this vulnerability and how long the investigation has taken relative to the outbreak of attacks against this vulnerability.
