Friday, December 15, 2006
We wanted to follow up with Office for Mac users on what to do if you installed the pre-release security updates released on Tuesday. Because the Office for Mac update that was erroneously released had additional, non-security fixes, the Office for Mac team would like to distribute a new update to its customers that includes all the fixes unrelated to security.
Friday, December 15, 2006
Hey everyone, Alexandra Huft here. I wanted to try and summarize/clarify for everyone the three current Word Zero-Day issues that have been reported to Microsoft. First, I wanted everyone to know that we’re actively investigating and monitoring all of these issues through our Software Security Incident Response Process and we are working on developing and testing security updates for the three issues, which we’ll release as part of our release process once they’ve reached an appropriate level of quality.
Tuesday, December 12, 2006
Hello, this is Christopher Budd. I wanted to let you know that as part of our standard monthly bulletin release process we’ve released our security bulletins for December 2006. · Microsoft Windows ( MS06-072) · maximum severity rating of Critical** · vulnerabilities could allow an attacker to remotely take complete control of an affected system.
Tuesday, December 12, 2006
We’ve seen some questions from customers about some security updates that posted for a while today for Office for Mac that they didn’t see any security bulletins for. I wanted to let you know that these weren’t security updates related to this month’s release or the two Word issues we’ve written about in Security Advisory 929433 and on our weblog: those investigations are still underway and we’ll release updates for those issues once we’ve met the appropriate quality bar.
Sunday, December 10, 2006
Hi All, Scott Deacon here, well a busy week extends into a busy weekend for the MSRC!! We are investigating reports of another new vulnerability in Microsoft Word – initial investigation has shown that this is a different issue to that reported in Microsoft Security Advisory 929433. Our initial investigation has discovered that Word 2000, Word 2002, Word 2003 and the Word Viewer 2003 are affected, but Word 2007 is NOT affected by the vulnerability.
Thursday, December 07, 2006
Hello, This is Christopher Budd and I’m posting here today to let you know that we’ve posted our Advanced Notification for the December 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on December 12, 2006 at approximately 10:00 am PT we are slated to release six new security bulletins: Five Microsoft Security Bulletins affecting Microsoft Windows.
Thursday, December 07, 2006
Hey everyone this is Alexandra Huft I wanted to let you know that we’re aware of proof-of-concept code published publicly affecting Windows Media ASX file format. We are currently investigating this report. We are not currently aware of attempts to exploit this vulnerability. The ASX file format is an XML-based media file format which is processed by Windows Media Player.
Thursday, December 07, 2006
Hi, this is Christopher Budd. We’ve gotten some question from customers about what we mean when we say we’re aware of “very limited, targeted attacks” in a security advisory. I wanted to take a moment and help give some clarity. When we talk about “very limited, targeted attacks” we specifically mean this in contrast to attacks that affect a broad number of customers randomly.
Tuesday, December 05, 2006
Hey everyone this is Alexandra Huft I wanted to let people know that we just posted Microsoft Security Advisory (929433) which involves Microsoft Word. We are currently investigating a report of a proof of concept which may allow an attacker to execute code on a user’s machine by convincing them to open a specially-crafted Word document.
Tuesday, November 21, 2006
Hello, This is Christopher Budd. I wanted to follow up our posting on the November 2006 Monthly Bulletin release to let folks know that MS06-071 has been made available for SUS 1.0. Those of you who are SUS 1.0 administrators should begin to see those updates show up for your approval.
