MSRC

May 2009 Bulletin Release

Tuesday, May 12, 2009

Summary of Microsoft’s monthly security bulletin release for May 2009. Today we released one security bulletin, MS09-017, affecting our PowerPoint products. This update addresses several vulnerabilities including the issue described in Microsoft Security Advisory 969136. In that advisory, we noted that we were aware of limited, targeted attacks. The security of our customers is important to us and due to these active attacks, we have released the updates for one product line (all versions of Microsoft Office for Windows) so that the majority of our customers can protect their systems.

• Security Bulletin
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A
• Video

May 2009 Advance Notification

Thursday, May 07, 2009

Summary of the May 2009 Advance Notification for the 5/12/2009 security bulletin release. Today we are letting customers know that next week we will be releasing one security bulletin affecting Microsoft Office PowerPoint with an aggregate severity rating of critical. Customers should review the Advance Notification and prepare appropriately for deployment.

Changes in Windows to Meet Changes in Threat Landscape

Tuesday, April 28, 2009

Customers have heard us say over the years that the threat environment is an ever-evolving one. That means that one of our jobs in working to keep customers safe is to continually monitor the threat environment and make changes to adapt to it. Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment.

Monthly Security Bulletin Webcast Q&A - April 2009

Monday, April 20, 2009

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Website: TechNet/security Chat Topic: April 2009 Security Bulletin Date: Wednesday, April 15, 2009 Q: I understand that Windows Server Update Service (WSUS) v2.0 Service Pack 1 lifecycle support ends April 2009. My question is, will WSUS v2.

• Pages
• Security Update Webcast Q & A

Security Bulletin Webcast Questions and Answers - April 2009

Monday, April 20, 2009

Hi, During this month’s webcast we were able to address 15 questions in the time allotted, but have included the additional questions asked in this QA post. Most of the questions centered on the MS09-013: the Windows HTTP bulletin, MS09-014: Internet Explorer Bulletin, and MS08-015, the Blended Threat bulletin. We did address additional questions regarding the other bulletins, as well as, questions concerning Product Support Lifecycle.

• Security Update Webcast Q & A

April 2009 Security Bulletin Webcast Video

Thursday, April 16, 2009

Hello again, This is Jerry Bryant letting you know that we have published the security bulletin webcast video. As you know, on Tuesday, we published a quick overview of the 8 bulletins we released on that day. Yesterday we conducted a live, public webcast, where we went in to more detail on each bulletin.

• Video

April 2009 Monthly Bulletin Release

Tuesday, April 14, 2009

April is here and is turning out to be a typical, busy month, if one can call it that. In general, when we have a large release, the number of updates ranges from 7-12. With this in mind, we released eight security updates this month: 5 rated as Critical, 2 rated as Important, and one rated as Moderate.

Security Bulletin Overview Video – April 2009

Tuesday, April 14, 2009

Hi Everyone, Jerry Bryant again. Here is the overview video for the April 2009 bulletins. Please join us tomorrow at 11:00 am PDT (UTC –7) for our bulletin webcast where we will cover this months updates in more detail and try to answer all of your bulletin related questions. More viewing options: - Windows Media Video (WMV) - Windows Media Audio (WMA) - Large Preview Image (PNG) - Small Preview Image (PNG) - iPod Video (MP4) - MP3 Audio - Streaming WMV (512kbps) - High Quality WMV (2.

• Video

Token Kidnapping

Tuesday, April 14, 2009

Hello everyone, As you can see from the April 2009 release summary, we addressed the Token Kidnapping issue with bulletin MS09-012. This issue allowed an attacker to gain full control of a server if the attacker can first run malicious code on the server as a lesser privileged user. This issue was originally presented by Cesar Cerrudo in March of 2008 at Hack in the Box (Dubai) 2008.

April 2009 Advanced Notification

Thursday, April 09, 2009

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release, scheduled for Tuesday, April 14, 2009 around 10 a.m. Pacific Daylight Time. This should help you plan for your deployment process for next week and address these vulnerabilities to protect your computing environments.