Thursday, November 16, 2006
Hello, This is Adrian Stone. I wanted to let you know that we just posted Microsoft Security Advisory (928604). Microsoft is aware of public proof of concept code targeting the vulnerability addressed by security update MS06-070. At this time Microsoft has not seen any indications of active exploitation of the vulnerability.
Tuesday, November 14, 2006
Hey folks - Mike Reavey here. I wanted to let you know we’ve released our security bulletins for the month of November 2006 here today. We’re releasing six new security bulletins today: · Microsoft Windows (MS06-066) · maximum severity rating of Important · vulnerabilities could allow an attacker to remotely take complete control of an affected system.
Friday, November 10, 2006
Hi everyone. Brian and Jonathan, software security engineers from the SWI team here. Alexandra Huft from the MSRC team asked us to write a guest blog entry giving an update into the technical investigation of the PowerPoint 2003 proof-of-concept code published a few weeks ago which was previously blogged about here (http://blogs.
Thursday, November 09, 2006
Hello, This is Christopher Budd, program manager here at the MSRC. It’s the Thursday before the second Tuesday and so I wanted to go ahead and let people know that we’ve posted our Advance Notification for November 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on Nov. 14, 2006 at approximately 10:00 am PT we are slated to release six new security bulletins:
Saturday, November 04, 2006
Hello, Ben Richeson here. I wanted to let you know that we just posted Microsoft Security Advisory (927892) about our investigation of public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability.
Tuesday, October 31, 2006
Hello, Christopher Budd here. Very quickly, I wanted to let people know that we just posted Microsoft Security Advisory (927709) that talks about public proof of concept code published on an issue in the WMI Object Broker ActiveX control. We are aware of the possibility of limited attacks that are attempting to use the reported vulnerability.
Monday, October 30, 2006
Hello, This is Christopher Budd. We’ve gotten some questions from customers about a new public claim of a spoofing vulnerability affecting IE 7. Because Microsoft had previously determined that this actually isn’t a security vulnerability, there has been some confusion over these new reports. So, I wanted to take a moment and explain what’s going on here to help people understand the issue.
Thursday, October 26, 2006
Hi Everyone Scott here from the MSRC operations team with a real quick update, I wanted to let everyone know that we are fully aware of the recent Proof of Concept (POC) code posting regarding ADODB.Connection. We have initiated our Software Security Incident Response Process to investigate this issue. Once we have completed the investigation and understand if there is a threat to customers we will take the appropriate action to protect and provide guidance – as required.
Wednesday, October 25, 2006
Hello, This is Christopher Budd. I wanted to take a moment and let people know some information about a new public report about a possible vulnerability in Internet Explorer we’ve received today. As soon as we learned of the report we started an investigation into the issue and we have some information we can share on this.
Monday, October 23, 2006
Sarah Blankinship here. I’m in the Security Technology Unit (STU), a group responsible for product security at Microsoft. One of the STU’s charters is securing products we have and have not shipped yet. So what is BlueHat? A hacker conference? A way to lure unsuspecting researchers to Microsoft? The /. comments and speculation about our real motivation for hosting hackers at Microsoft are ever entertaining, however BlueHat is about providing a consistent forum for presenting cutting-edge research, for understanding issues that affect both Microsoft and the entire industry, and great way to inform and educate our developer population.
