Thursday, April 19, 2007
Hi Everyone, This is Mark Miller. For those who may not know, I’ve been the Director of Security Response Communications since October of last year. I wanted to let you all know that we have implemented a new Windows Live Alert for postings to this blog. These alerts are delivered to your email inbox, SMS and/or instant messaging and will let you know that we’ve posted something here.
Thursday, April 19, 2007
Hello everyone, This is Christopher Budd. I wanted to let you know that we’ve made a revision to our security advisory to provide some additional details and clarifications. First, though, I wanted to let you know that the situation has not changed. Our teams are continuing to work on developing and testing updates for this issue, and our ongoing monitoring of the situation shows that attacks are still not widespread.
Wednesday, April 18, 2007
Hello, This is Christopher Budd. I wanted to let you know about two updates we’ve made as part of our regular process to Knowledge Base article 925902. These discuss new known issues a small number of customers have encountered with MS07-017. First, we’ve added BMC PATROL 7.1 (now called Performance Manager, by BMC Software, Inc) to the list of applications affected by the issue discussed in Knowledge Base article 935448.
Tuesday, April 17, 2007
Hello everyone, This is Christopher Budd. I wanted to give you the latest information from our monitoring of the new attack we mentioned yesterday. I also wanted to address questions we’ve gotten from customers about when we think we’ll have updates ready to address this issue. We have been monitoring the situation overnight and working with our Microsoft Security Response Alliance (MSRA) partners and attacks are still not widespread.
Monday, April 16, 2007
Hello everyone, this is Christopher Budd. I wanted very quickly to update you with some new, important, information that we have on this situation. Our ongoing monitoring in conjunction with our MSRA partners indicates that we are seeing a new attack that is attempting to exploit this vulnerability. At this time, the attack does not appear widespread.
Sunday, April 15, 2007
Hello everyone, This is Christopher Budd. I wanted to give you a brief update with the latest information on the situation from our ongoing work over the weekend. Our teams are continuing their work to develop a security update to address this issue. Our ongoing monitoring of attacks in conjunction with our MSRA partners indicates that attacks are still limited.
Friday, April 13, 2007
Hello everyone, This is Christopher Budd. As Adrian noted last night, we posted Microsoft Security Advisory 935964 with information customers can use to protect themselves against the vulnerability in Windows DNS server. While we have no new information about the situation from last night, I did want to give some additional detail and clarification to customers.
Thursday, April 12, 2007
Hey everyone this is Adrian Stone, I wanted to let people know that we have just posted Microsoft Security Advisory (935964). This advisory talks about a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service. Our investigation has shown that this affects Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Microsoft 2003 Service Pack 2.
Tuesday, April 10, 2007
Hi Everyone! This is Tami Gallupe, with MSRC, and here is our update on the bulletins we released today. Today we released 5 bulletins: 4 have a maximum severity rating of Critical, and one has a maximum severity rating of Important. The bulletins are as follows: Microsoft Content Management Server (MS07-018) Maximum severity rating of Critical Could Allow Remote Code Execution Universal Plug and Play (MS07-019) Maximum severity rating of Critical Could Allow Remote Code Execution Microsoft Agent (MS07-020) Maximum severity rating of Critical Could Allow Remote Code Execution CSRSS (MS07-021) (Maximum severity rating of Critical Could Allow Remote Code Execution Windows Kernel (MS07-022) Maximum severity rating of Important Could Allow Remote Elevation of Privilege As Christopher mentioned in his blog on Friday, in addition to today’s bulletins, we’ve also released a hotfix to help resolve the known issues related to MS07-017 with applications detailed in Microsoft Knowledge Base Article 925902.
Friday, April 06, 2007
Hello this is Christopher Budd. Since MS07-017 was released out-of-band on Tuesday to protect customers from attacks exploiting the Windows Animated Cursor Handling vulnerability, we wanted to provide additional information regarding an update to the known issue Knowledge Base article with information that may impact customers. As I noted on Tuesday, our regular process is to document known issues in the Master Knowledge Base article referenced in the “Caveats” section of the security bulletin.
