MSRC

Black Hat 2008: Improving the Broader Security Ecosystem

Monday, August 04, 2008

Hey Andrew Cushman here… It’s August in Vegas and you know what that means—Black Hat. Microsoft has quite a contingent here through its MSRC Operations and Ecosystem Strategy teams. We are here because Black Hat is one of the premier events in the security industry, it provides a wealth of information and insight into the pulse of the security landscape, and is a fantastic opportunity for face-to-face communication with the researchers, vendors, ISVs, CERTs and companies we work with throughout the year.

Microsoft Security Bulletin Webcast Q&A - Index Page

Wednesday, July 30, 2008

Below is an index of the Question & Answers from our monthly security bulletin webcast. To find the registration link for the next webcast, please visit the following link: http://www.microsoft.com/technet/security/current.aspx. To view previous webcasts On-Demand, please visit this link: http://www.microsoft.com/events/security/ondemand.mspx Index: October 2010 - N/A September 2010 - N/A Out-of-Band (MS10-070) - N/A August 2010 - N/A Out-of-Band(MS10-046) - N/A July 2010- N/A June 2010 - N/A May 2010 - N/A April 2010 - N/A Out-of-Band (MS10-018) – N/A March 2010 – N/A February 2010 – N/A January 2010 – N/A December 2009 – N/A

• Pages
• Security Update Webcast Q & A

Microsoft Security Bulletin Webcast Q&A - July 2008

Wednesday, July 30, 2008

Hosts: Mike Reavey, Group Security Program Manager Adrian Stone, Microsoft Security Response Center (MSRC) Website: TechNet/security Topic: Information about Microsoft Security Bulletins Date: Wednesday, July 9, 2008 Q: Why was CVE-2008-0951(Windows Vista not properly enforce the NoDriveTypeAutoRun registry value) not listed as a fixed vulnerability in the bulletin for MS08-038? The notice was embedded within the Bulletin FAQ and has been overlooked by many people.

• Pages
• Security Update Webcast Q & A

Microsoft Security Bulletin Webcast Q&A - June 2008

Wednesday, July 30, 2008

Hosts: Christopher Budd, Microsoft Security Response Communications Lead Adrian Stone, Microsoft Security Response Center (MSRC) Website: TechNet/security Topic: Information about Microsoft Security Bulletins Date: Wednesday, June 11, 2008 Q: Was XP SP3 released via AU yesterday? Also where did Microsoft announce this ahead of time? A: No, XP SP3 was not release via AU yesterday.

• Pages
• Security Update Webcast Q & A

Security Bulletin Webcast Questions & Answers

Wednesday, July 30, 2008

Hey everyone, This is Jerry Bryant. I am the Business, Operations & Communications Manager on the Security Response Communications team. I am writing to let you know about a new process we are implementing regarding the questions and answers from our monthly security bulletin webcast. Attendee’s to the webcast ask a lot of great questions concerning the security updates we just released and we have many subject matter experts (SME’s) on hand to answer them.

• Security Update Webcast Q & A

Increased Threat for DNS Spoofing Vulnerability

Friday, July 25, 2008

Hi. Bill here. Today we released Microsoft Security Advisory (956187) to warn you of public exploit code available for Microsoft Security Bulletin MS08-037 (Vulnerabilities in DNS Could Allow Spoofing (953230). We have investigated the public exploit code and have determined that customers who have installed Microsoft Security Bulletin MS08-037 are not affected.

Revision for MS08-037

Thursday, July 10, 2008

Hello, This is Christopher Budd. I wanted to take a moment and let you know about a revision that we’ve made to MS08-037 today. After the release of MS08-037, we became aware of reports of ZoneAlarm customers experiencing issues after applying the security updates. We started investigating these reports as soon as we heard about them and have been working to research this issue.

Update 2: Microsoft Security Advisory (954960)

Thursday, July 10, 2008

Hi. Bill here. I want to let you know that customers running Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 may experience an issue installing the update provided in Microsoft Knowledge Base Article 954960. The update does not correctly elevate privileges, which are required for the installation to complete.

Update: Microsoft Security Advisory 954960

Wednesday, July 09, 2008

Hi. Bill here. I want to let you know that we updated Microsoft Security Advisory 954960, which contains information regarding deployment issues with Microsoft Windows Server Update Services (WSUS) version 3.0 and 3.0 Service Pack 1. Under specific conditions, the issue does not let clients detect any updates from a WSUS server on systems with Microsoft Office 2003 installed.

MSRC Blog: Microsoft Security Advisory 953635

Tuesday, July 08, 2008

Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (953635). This advisory contains information regarding a new public report of a possible vulnerability within Microsoft Office Word which could allow for remote code execution. Our investigation thus far has shown that this vulnerability affects Microsoft Office Word 2002 Service Pack 3 only.