Microsoft Security Response Center

MSRC Blog: Additional Details and Background on Security Advisory 943521

Wednesday, October 10, 2007

Hi everyone. This is Jonathan from the SWI team in the MSRC. We’ve just released Security Advisory 943521 regarding a vulnerability affecting Windows Server 2003 and Windows XP with Internet Explorer 7 installed. As you have probably noted there’s been a fair amount of discussion on this issue. One of the reasons we are releasing this Advisory is due to increased risk given recent discussions about how this vulnerability could be used in attacks.

MSRC Blog: Security Advisory 943521

Wednesday, October 10, 2007

Since this is my first post, I suppose a quick introduction is in order. I’m Bill Sisk, a member of the Security Response Communications Team. My team works to provide communications around security response issues to our customer through MSRC Blogs and other outreach vehicles. As part of that I wanted to let people know that we just posted Microsoft Security Advisory 943521, which gives additional information about a vulnerability in the way Microsoft Windows XP SP2 and Windows 2003 SP1 and SP2 handle URI’s when only Internet Explorer 7 installed.

October 2007 Monthly Release

Tuesday, October 09, 2007

Hi Everyone! This is Tami Gallupe, MSRC release manager, and here is a brief update on the bulletins we released today. Today, we released 6 bulletins: 4 have a maximum severity rating of Critical and 2 have a maximum severity rating of Important. The bulletins are as follows: MS07-055 addresses a vulnerability in Kodak Image Viewer, and is rated as a Critical bulletin.

October 2007 Advance Notification

Thursday, October 04, 2007

Hello, This is Christopher Budd. I wanted to let you know that we’ve just posted our Advance Notification for next week’s bulletin release on Tuesday October 9, 2007 at or around 10 a.m. Pacific Time. A reminder that the information we post is intended to help with your planning for next week, but because it is preliminary information it is subject to change.

Podcasts and Peppermints

Wednesday, October 03, 2007

BlueHat v6 has wrapped and all the researchers have gone home – or have they? Around here, the buzz sparked by our guests and in-house BlueHat speakers is very much still humming. The side-meetings between researchers and Microsoft teams that I first blogged about during my first month here are continuing to be a huge benefit.

BlueHat, Day 2: Morning of Mobile, Afternoon of Cool Tools

Friday, September 28, 2007

Hello world! Katie Moussouris here at BlueHat. Yesterday’s talks certainly set the bar high. We saw topics range from Mark Russinovich’s clarification of security boundaries to Halvar Flake’s automated malware classification to Roberto Preatoni’s discussion of his exploit marketplace project, better known as WabiSabiLabi. I spent the day recording audio podcasts with each of our BlueHat speakers, getting a brief inside look at each fascinating topic – look for these in the near future on the technet website.

The new security disclosure landscape

Friday, September 28, 2007

Rain Forest Puppy ( rfp@wiretrip.net) Security disclosure has always been a contested topic, pitting “those that find the bugs” against “those that are responsible for the bugs.” In the days before security disclosure became a formal topic, those people who gave credence to some sort of moral compass often sought to follow a “gentleman’s code” that typically involved an earnest attempt to disclose the problem to the vendor and give the vendor a chance to fix it.

Vista and Vigilance

Friday, September 28, 2007

Halvar Flake, Sabre Security I have been told that I can write a blog entry for the BlueHat blog, with little or no editing, and now I sit here and have to make up something interesting to write about. I have a bit of a writers block today, caused by being tired, jetlagged, and already halfways on my way to the airport for my flight back.

BlueHat: Malware, Isolation and Security Boundaries: It’s Harder than it Looks

Thursday, September 27, 2007

Mark Russinovich here from BlueHat. This is the first time that Microsoft has used internal speakers at its BlueHat security conference and I’m excited to be one of them. When I was approached with the invitation to present a session, I immediately thought of all the fun topics I’d like to talk about.

Microsoft, Mobile, and Security

Thursday, September 27, 2007

Ollie Whitehouse Architect, Advanced Threat Research, Symantec Corporation So if you had told me that one day I would be invited to Microsoft to talk about a subject I’ve now been involved in researching on and off for over six years and something I must say that has burned in my belly with passion for most for most of it, I would have said ‘unlikely’.

Microsoft Security Response Center Blog