Skip to main content
MSRC

MSRC

May 2008 Monthly Release

Tuesday, May 13, 2008

This is Tami Gallupe, MSRC Release Manager, and I want to let you know that we just posted our May 2008 Bulletins. We released four bulletins today, which include three bulletins with severity rating of critical and one with the severity rating of moderate. We also re-released MS06-069 to add XP SP3 as an affected version.

May 2008 Advance Notification

Thursday, May 08, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, May 13, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

Questions about Web Server Attacks

Friday, April 25, 2008

Hi there this is Bill Sisk. There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information. To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited.

MSRC Blog: Microsoft Security Advisory 951306

Thursday, April 17, 2008

Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (951306). This advisory contains information regarding a new public report of a vulnerability within Microsoft Windows which allows for privilege escalation from authenticated user to LocalSystem. Our investigation has shown that this vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

April 2008 Monthly Release

Tuesday, April 08, 2008

April 2008 Monthly Bulletin Release I’m Simon, Release Manager in the MSRC. The April 2008 release contains 8 new bulletins, 5 of which have maximum severities of “Critical”. MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)

April 2008 Advance Notification

Thursday, April 03, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, April 8, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

UPDATE: MSRC Blog: Microsoft Security Advisory (950627)

Monday, March 24, 2008

Hi there, This is Mike of the MSRC, The case of the MDB attack vector The MSRC on Friday afternoon posted an advisory about limited, targeted attacks using JET database files, commonly referenced as file type MDB. Many of you probably remember that MDB files are on the unsafe file type list (http://support.

MSRC Blog: Microsoft Security Advisory (950627)

Friday, March 21, 2008

Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (950627). This advisory contains information about a very limited, targeted attack exploiting a vulnerability in Microsoft Jet Database Engine. Our initial investigation has shown that this vulnerability affects customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007 and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

March 2008 MS08-014 Re-release

Wednesday, March 19, 2008

Hello, this is Tim Rains. Very quickly, I wanted to let you know that we’ve just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only. The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function).

Update: March 2008 Monthly Release

Thursday, March 13, 2008

Bill here. I wanted to let you know that we have updated bulletin MS08-014 to provide additional information on a newly identified issue that causes Microsoft Excel 2003 calculations to return an incorrect result when a Real Time Data source is used. The issue affects a specific scenario and may not affect you.