Sunday, April 15, 2007
Hello everyone, This is Christopher Budd. I wanted to give you a brief update with the latest information on the situation from our ongoing work over the weekend. Our teams are continuing their work to develop a security update to address this issue. Our ongoing monitoring of attacks in conjunction with our MSRA partners indicates that attacks are still limited.
Friday, April 13, 2007
Hello everyone, This is Christopher Budd. As Adrian noted last night, we posted Microsoft Security Advisory 935964 with information customers can use to protect themselves against the vulnerability in Windows DNS server. While we have no new information about the situation from last night, I did want to give some additional detail and clarification to customers.
Thursday, April 12, 2007
Hey everyone this is Adrian Stone, I wanted to let people know that we have just posted Microsoft Security Advisory (935964). This advisory talks about a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service. Our investigation has shown that this affects Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Microsoft 2003 Service Pack 2.
Tuesday, April 10, 2007
Hi Everyone! This is Tami Gallupe, with MSRC, and here is our update on the bulletins we released today. Today we released 5 bulletins: 4 have a maximum severity rating of Critical, and one has a maximum severity rating of Important. The bulletins are as follows: Microsoft Content Management Server (MS07-018) Maximum severity rating of Critical Could Allow Remote Code Execution Universal Plug and Play (MS07-019) Maximum severity rating of Critical Could Allow Remote Code Execution Microsoft Agent (MS07-020) Maximum severity rating of Critical Could Allow Remote Code Execution CSRSS (MS07-021) (Maximum severity rating of Critical Could Allow Remote Code Execution Windows Kernel (MS07-022) Maximum severity rating of Important Could Allow Remote Elevation of Privilege As Christopher mentioned in his blog on Friday, in addition to today’s bulletins, we’ve also released a hotfix to help resolve the known issues related to MS07-017 with applications detailed in Microsoft Knowledge Base Article 925902.
Friday, April 06, 2007
Hello this is Christopher Budd. Since MS07-017 was released out-of-band on Tuesday to protect customers from attacks exploiting the Windows Animated Cursor Handling vulnerability, we wanted to provide additional information regarding an update to the known issue Knowledge Base article with information that may impact customers. As I noted on Tuesday, our regular process is to document known issues in the Master Knowledge Base article referenced in the “Caveats” section of the security bulletin.
Thursday, April 05, 2007
Hello everyone, This is Christopher Budd once again. I noted on Tuesday when discussing the release of MS07-017 that our out of band release was not cancelling our regularly scheduled April 2007 release. In that vein, as part of our regular release process, this being the Thursday before the second Tuesday, we’ve posted our Advance Notification like we always do.
Tuesday, April 03, 2007
Hey Folks – this is Mike Reavey. We’re all glad that MS07-017 – the Security Bulletin that fixes the vulnerability in Animated Cursor Handling (CVE-2007-1215) – has been released, helping to block attacks on that vulnerability. While we released it within 5 days of being notified of attacks, we have received questions from customers about why it took us 3 months to develop and release the fix for this vulnerability.
Tuesday, April 03, 2007
Hello everyone, This is Christopher Budd. I wanted to follow up on my posting from Sunday night to let you know that we’ve released the security update, MS07-017, that addresses the vulnerability in Windows Animated Cursor Handling. As I noted on Sunday night, we originally planned to release the update on Tuesday, April 10, 2007 as part of our regular monthly release of security bulletins.
Sunday, April 01, 2007
Hello everyone, this is Christopher Budd. We have some new information tonight on the status of the security update that we’re working on that addresses the vulnerability in Windows Animated Cursor Handling. From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat.
Saturday, March 31, 2007
Hello everyone, this is Christopher Budd. As I noted yesterday, we have teams doing ongoing investigation and research around the technical issues for the vulnerability in Windows Animated Cursor Handling. Today, we’ve made an update to the advisory with additional information from that ongoing work. We’ve added information regarding Windows 2003 Service Pack 2 in the “Related Software” section to note that these versions are affected by the issue as well.
