Skip to main content
MSRC

MSRC

Questions about Timing and Microsoft Security Advisory 972890

Thursday, July 09, 2009

Hi everyone, Mike Reavey here. You’ve probably seen in Jerry’s Advance Notification posting today announcing that we’re on track to release an update to address the issue discussed in Microsoft Security Advisory 972890. We’ve gotten some questions from customers about when we got the first report of this vulnerability and how long the investigation has taken relative to the outbreak of attacks against this vulnerability.

Read More

July 2009 Advance Notification

Wednesday, July 08, 2009

Advance Notification for the July 2009 Security Bulletin Release Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of: · Three Critical updates affecting Windows. · One Important update affecting Publisher.

Read More

Microsoft Security Advisory 972890 Released

Monday, July 06, 2009

I wanted to let you know that we have just posted Microsoft Security Advisory 972890 that discusses new, limited attacks against a Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003. Specifically, we’re aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.

Read More

Monthly Security Bulletin Webcast Q&A - June 2009

Friday, June 12, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: June 2009 Security Bulletin Date: Wednesday, June 10, 2009 Q: For security update for Microsoft Excel 2000 ( KB969683), is Microsoft Office Excel 2000 Service Pack 3 the only version that is vulnerable, or is that the only version of Office that is supported and therefore the only one that the security update will work for?

Read More

Security Bulletin Webcast Video, Questions and Answers – June 2009

Friday, June 12, 2009

During the security bulletin webcast for June 2009, we answered a wide array of questions around the 10 bulletins we released. Of primary interest to customers, based on the number of questions we received on the topic, is the RPC issue addressed by MS09-026. As this issue affects third party products that utilize RPC in Windows, customers wanted to know if there is a way to tell if their third party product was vulnerable.

Read More

June 2009 Bulletin Release

Tuesday, June 09, 2009

Summary of Microsoft’s monthly security bulletin release for June 2009. Today we released 10 new security bulletins. 6 of those affect Windows with two rated as critical, three rated as important and one as moderate. The remaining four all have an aggregate rating of critical and affect Internet Explorer, Microsoft Office Word, Microsoft Office Excel and Microsoft Works Converters.

Read More

June 2009 Advance Notification

Thursday, June 04, 2009

Advance Notification for the June 2009 Security Bulletin Release Today, we published our Advance Notification indicating that next Tuesday, June 9 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 10 security bulletins consisting of: · Six updates affecting Windows. Two Critical, three Important, and one Moderate.

Read More

Microsoft Security Advisory 971778 Vulnerability in Microsoft DirectShow Released

Thursday, May 28, 2009

We’ve just released Microsoft Security Advisory 971778 today. This discusses a new vulnerability in Microsoft DirectShow affecting Windows 2000, Windows XP and Windows Server 2003 that is under limited attack. The advisory outlines information about the vulnerability and steps customers can take to protect themselves while we’re working on a security update to address the issue.

Read More

Microsoft Security Advisory 971492

Monday, May 18, 2009

I wanted to let you know that we have just posted Microsoft Security Advisory (971492). This advisory contains information regarding public reports of a vulnerability in Microsoft Internet Information Services (IIS) that could allow Elevation of Privilege. Products affected are IIS 5.0, IIS 5.1, and IIS 6.0. The advisory contains guidance and workarounds that customers can use to help protect themselves.

Read More