MSRC | Microsoft Security Response Center

March 2008 MS08-014 Re-release

Wednesday, March 19, 2008

Hello, this is Tim Rains. Very quickly, I wanted to let you know that we’ve just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only. The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function).

Update: March 2008 Monthly Release

Thursday, March 13, 2008

Bill here. I wanted to let you know that we have updated bulletin MS08-014 to provide additional information on a newly identified issue that causes Microsoft Excel 2003 calculations to return an incorrect result when a Real Time Data source is used. The issue affects a specific scenario and may not affect you.

March 2008 Monthly Release

Tuesday, March 11, 2008

Wow! It is already the 2nd Tuesday of the month, and with it comes the announcement of some new bulletins! This is Tami Gallupe, MSRC Release Manager, and I just wanted to let you know that we just posted our March 2008 Bulletins. We released four bulletins today, all are for Office and all have a maximum severity rating of Critical.

March 2008 Advance Notification

Thursday, March 06, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, March 11, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

February 2008 Monthly Release

Tuesday, February 12, 2008

February 2008 Monthly Bulletin Release I’m Simon, Release Manager in the MSRC. The February 2008 release contains 11 new bulletins, 6 of which have maximum severities of “Critical”. MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538) MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)

February 2008 Advance Notification

Thursday, February 07, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, February 12, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

MSRC Blog: Security Advisory 947563

Tuesday, January 15, 2008

Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (947563). This advisory contains information about a targeted attack exploiting a vulnerability in Microsoft Office Excel. Our investigation has shown that this vulnerability affects Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac.

January 2008 Monthly Release

Tuesday, January 08, 2008

Happy New Year! I hope 2008 is off to a wonderful start for you! This is Tami Gallupe, MSRC Release Manager, and we’re starting off the year here in MSRC-land with the release of two bulletins and a security advisory. The first bulletin, MS08-001, addresses a vulnerability in TCP(IP)/IGMP that could allow remote code execution.

January 2008 Advance Notification

Thursday, January 03, 2008

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, January 8, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

Announcing the Microsoft Security Vulnerability Research and Defense Blog

Thursday, December 27, 2007

Hi everyone. This is Jonathan from the SWI team. My co-workers and I have posted technical vulnerability information a few times here on the MSRC blog. We’ll continue to contribute to the MSRC blog with technical clarifications but the bulk of our vulnerability research and defense information will be posted on a new SWI blog.