Skip to main content

Microsoft Security Response Center Blog

Microsoft Security Advisory 968272

Tuesday, February 24, 2009

Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (968272). This advisory contains information regarding public reports of a vulnerability in Microsoft Office Excel that could allow for remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.

More information about the new Excel vulnerability

Tuesday, February 24, 2009

This morning, we posted Security Advisory 968272 notifying of a new Excel binary file format vulnerability being exploited in targeted attacks. We wanted to share more information about the vulnerability to help you assess risk and protect your environment. Office 2007 being targeted The current attacks we have seen target users of Office 2007 running an earlier version of Windows (Windows 2000, XP, 2003).

February 2009 Security Bulletin Webcast Videos

Tuesday, February 17, 2009

Hey everyone, This is Jerry Bryant, senior program manager on the security response communications team. We are already posting the Q&A from our monthly security bulletin webcasts here on the blog but if you attended our live webcast on Wednesday 2/11/2009, you may have heard Christopher Budd mention that we were recording the session and would be posting video as well.

Monthly Security Bulletin Webcast Q&A - February 2009

Monday, February 16, 2009

Register now for the March 2009 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Sr. Security Program Manager Lead (MSRC) Website: TechNet/security Chat Topic: February 2009 Security Bulletin Date: Wednesday, February 11, 2009 Q: Why are there no updates for Internet Explorer versions prior to Internet Explorer 7?

Security Bulletin Webcast Questions and Answers - February 2009

Monday, February 16, 2009

Hi, During this month’s webcast we were able to address 37 questions in the time allotted. Most of the questions asked involved MS09-002 (Internet Explorer), MS09-003 (Exchange Server) and MS09-004 (SQL Server). We only received a few questions regarding MS-09-005 (Visio). There were also a couple of questions regarding update deployment and attack vectors addressed.

Conficker Activity Update

Thursday, February 12, 2009

There’s been a lot of activity today around the Conficker worm here at Microsoft and across the industry. I wanted to give everyone a quick, high-level overview on what’s been going on today. First, today we’re making public, the work we and many other industry and academic partners have been doing behind the scenes to help combat the Conficker worm.

Conficker Domain Information

Thursday, February 12, 2009

I wanted to follow up our recent Conficker post from last Friday where we posted new pages to consolidate our information on Conficker for enterprises and consumers. We’ve also made the easy-to-remember URL available that will take you directly to the Conficker page for enterprises. We’ve shared some additional information today with our Microsoft Active Protections Program (MAPP) partners and our Microsoft Security Response Alliance (MSRA) partners.

Chills and Thrills at FIRST

Tuesday, February 10, 2009

Sveika! Hey Steve here, been a while since I posted on the EcoStrat blog. With all the security events that happened during the latter half of 2008, I have been very focused on working with the security update releases and Microsoft Active Protections Program (MAPP). Handle: Cap’n Steve IRL: Steve Adegbite

February 2009 Monthly Bulletin Release

Tuesday, February 10, 2009

Today we’re releasing four new security bulletins as part of our regular monthly release process. · MS09-002 rated Critical that addresses two code execution vulnerabilities in Internet Explorer. · MS09-003 rated Critical that addresses one code execution vulnerability and one denial of service vulnerability in Exchange Server. · MS09-004 rated Important that addresses one code execution vulnerability in SQL Server.

New Information Pages on Conficker

Friday, February 06, 2009

Very briefly, I wanted to let everyone know that based on customer request, we’ve posted two new pages that provide information you can use to protect against and remove Conficker. These pages consolidate information that we have related to the Conficker incident and provide links to the other, more detailed resources like the Microsoft Malware Protection Center weblog and encyclopedia.