Skip to main content
MSRC

MSRC

Advisory posted on the recent Word vulnerability.

Tuesday, May 23, 2006

Hi everyone, Stephen Toulouse here again. Just wanted to make you aware that we have reached the point in our investigation of the limited attacks trying to use the Word vulnerability that provided us with enough information to develop some stronger workarounds and mitigations. We’ve posted all that into a new security advisory:

A quick check-in on the Word vulnerability

Saturday, May 20, 2006

Hi everyone, Stephen Toulouse here again. I wanted to catch you up on where we’re at with our investigation of the Word vulnerability. First off on the vulnerability itself: I want to reiterate we’re hard at work on an update. The attack vector here is Word documents attached to an email or otherwise delivered to a user’s computer.

Reports of a new vulnerability in Microsoft Word

Friday, May 19, 2006

Hi everyone, Stephen Toulouse here. We’ve been made aware of a new vulnerability in Microsoft Word XP and Word 2003. Customers using the Word viewer to view documents are not impacted. Yesterday we recieved a report that a customer had been subjected to a very targeted attack using this vulnerability.

New Article: Ten Principles of Microsoft Patch Management

Tuesday, May 16, 2006

Hello, This is Christopher Budd. I wanted to take a moment and let folks know that this month’s IT Pro Security newsletter has an article that I hope will be helpful for those of you who manage security updates. It’s called Ten Principles of Microsoft Patch Management and in it I try o outline not so much the “how” of patch management but rather more of the “why” behind what we do.

May 2006 Bulletin Release

Tuesday, May 09, 2006

Say heh? I have to be honest. I’ve been in the MSRC now for a while, seen a lot of “interesting” things happen around here and it is a bit of a trip to look at our list of bulletins we shipped today and see the words Flash, Adobe, and Macromedia in the titles.

May 2006 Advance Notification

Thursday, May 04, 2006

Good afternoon, This is Christopher Budd. I wanted to take a moment and let you know that we’ve posted our regular Monthly Advanced Notification for the upcoming bulletin release. As a reminder, this month, our regularly scheduled monthly bulletin release is slated for Tuesday, 9 May 2006 with a target time of 10 AM Pacific Time.

MS06-015 targeted re-release now available. And so is IE7 Beta 2

Tuesday, April 25, 2006

Hi everyone, Stephen Toulouse here again. The targeted re-release of MS06-015 is ready. If you are configured for Automatic Update, no need to take any actions. It will detect if you have the problem and deliver the update to you. If you have not yet installed MS06-015, the revised version will be offered to you.

NVIDIA driver versions affected by the MS06-015 issue

Friday, April 21, 2006

Hi everyone, Stephen Toulouse here. I’ve gotten some customer questions regarding the NVIDIA drivers affected by the issue so I wanted to provide some more detail on that. In working with NVIDIA we have narrowed the issue to a subset of their Release 60 drivers, which means version-wise all driver versions 60.

More information on the MS06-015 issue

Thursday, April 20, 2006

Hi everyone, Stephen Toulouse here. We’ve been continually examining the best way to assist the customers who may have been impacted by the interaction of MS06-015 with the software Mike mentioned before. We wanted to check in and let you know the current plan. Up until now there have been several solutions: Upgrade to the newest version of the affected software, a manual registry key fix, uninstall the third party software (NVIDIA Drivers versions 61.