Microsoft Security Response Center

Re-release of MS07-002 for Excel 2000

Thursday, January 18, 2007

Hello, this is Christopher Budd. Very quickly, I wanted to let you know that we’ve just re-released MS07-002 for Excel 2000 only. The original version released on January 9, 2007 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode.

SUS 1.0 Information around Tuesday's Release

Wednesday, January 10, 2007

Hello, This is Christopher Budd. We’ve gotten some questions from SUS 1.0 customers about yesterday’s release that I wanted to take a moment and address. Due to The last minute changes in the release that we updated you on last Friday, there is a delay in the updates for SUS 1.

January 2007 Monthly Security Bulletin Release

Tuesday, January 09, 2007

Hello, this is Christopher Budd I wanted to let you know that as part of our standard monthly bulletin release process we’ve released our security bulletins for January 2007. · Microsoft Office (MS07-001) · maximum severity rating of Important** · vulnerabilities could allow an attacker to run code in the context of the logged on user.

January 2007 Advance Notification

Thursday, January 04, 2007

Hello, Happy New Year everyone. This is Christopher Budd and it’s the Thursday before the Second Tuesday of January 2007. As we do each month at this time, we’ve posted our Advance Notification for the upcoming security bulletin release. Next Tuesday, on January 9, 2007 at approximately 10:00 am PT we are slated to release:

New report of a Windows vulnerability

Thursday, December 21, 2006

Hi everyone, As usual the holiday season is a busy time for everyone including those of us here in the MSRC. I hope that everyone has finished their holiday shopping so they can enjoy the long weekend. This is Mike Reavey by the way in case anyone was wondering. Aside from discussing the holidays, the reason I am dropping in on the blog is that right now we are closely monitoring developments related to a public posting of proof of concept code targeting an issue with the Client Server Run-Time Subsystem.

Update on accidental posting of pre-release security updates for Office for Mac

Friday, December 15, 2006

We wanted to follow up with Office for Mac users on what to do if you installed the pre-release security updates released on Tuesday. Because the Office for Mac update that was erroneously released had additional, non-security fixes, the Office for Mac team would like to distribute a new update to its customers that includes all the fixes unrelated to security.

Update on Current Word Vulnerability Reports

Friday, December 15, 2006

Hey everyone, Alexandra Huft here. I wanted to try and summarize/clarify for everyone the three current Word Zero-Day issues that have been reported to Microsoft. First, I wanted everyone to know that we’re actively investigating and monitoring all of these issues through our Software Security Incident Response Process and we are working on developing and testing security updates for the three issues, which we’ll release as part of our release process once they’ve reached an appropriate level of quality.

December 2006 Monthly Security Bulletin Release

Tuesday, December 12, 2006

Hello, this is Christopher Budd. I wanted to let you know that as part of our standard monthly bulletin release process we’ve released our security bulletins for December 2006. · Microsoft Windows ( MS06-072) · maximum severity rating of Critical** · vulnerabilities could allow an attacker to remotely take complete control of an affected system.

Information on accidental posting of pre-release security updates for Office for Mac

Tuesday, December 12, 2006

We’ve seen some questions from customers about some security updates that posted for a while today for Office for Mac that they didn’t see any security bulletins for. I wanted to let you know that these weren’t security updates related to this month’s release or the two Word issues we’ve written about in Security Advisory 929433 and on our weblog: those investigations are still underway and we’ll release updates for those issues once we’ve met the appropriate quality bar.

New Report of A Word Zero Day

Sunday, December 10, 2006

Hi All, Scott Deacon here, well a busy week extends into a busy weekend for the MSRC!! We are investigating reports of another new vulnerability in Microsoft Word – initial investigation has shown that this is a different issue to that reported in Microsoft Security Advisory 929433. Our initial investigation has discovered that Word 2000, Word 2002, Word 2003 and the Word Viewer 2003 are affected, but Word 2007 is NOT affected by the vulnerability.

Microsoft Security Response Center Blog