Skip to main content
MSRC

Microsoft Security Response Center Blog

Two new and one updated advisory discussing PoC and exploits

Friday, September 29, 2006

Lennart Wistrand here. This week we’ve seen both proof of concept code posted for a Windows Shell vulnerability. We have also seen limited exploits of a previously publicly disclosed vulnerability in DirectAnimation as well as limited exploits of a PowerPoint vulnerability. We’ve made the Windows Shell advisory available to advise customers of this public PoC.

MS06-055 release.

Tuesday, September 26, 2006

Hey everyone, Craig Gehre here. We’re in the process of releasing out of band update MS06-055 to address the VML issue. At the moment, Windows Update, Microsoft Update, and Autoupdate are live. We’re in the process of publishing the bulletin, associated packages, and updated content for WSUS, MBSA1.2.1, EST, and MBSA 2.

Update on today's out of band release

Tuesday, September 26, 2006

Hi everyone, Scott here to tell you about today’s out of band release. Everything should be available at this point. With this particular vulnerability, the biggest concern we had was around risk. This one affected many different platforms in many scenarios that are considered by customers to be common usage. While the attacks we saw were very limited, our decision to go out of band on this release was really around the risk in combination with the attacks.

A quick entry on the VML issue.

Friday, September 22, 2006

Hi everyone, Scott Deacon here again. Wanted to update you on what we’ve seen to date with the VML issue. Attacks remain limited. There’s been some confusion about that, that somehow attacks are dramatic and widespread. We’re just not seeing that from our data, and our Microsoft Security Response Alliance partners aren’t seeing that at all either.

Microsoft Security Advisory (925568) Posted.

Tuesday, September 19, 2006

Morning, Scott here from the MSRC Operations team again, I wanted to let everyone know that we have just posted Microsoft Security Advisory (925568). You can read more in the advisory, but after working with the folks from the X-Force team at ISS, we confirmed new public reports of a vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML).

Known Issue Documented for MS06-049

Friday, September 15, 2006

Hey everyone this is Adrian Stone and I wanted to let you know about a very limited issue that some Windows 2000 customers are experiencing after the installation of MS06-049. We just became aware of this issue due to customer reports earlier this week, and have been verifying the reports and understanding the root cause of the issue for the past two days.

Microsoft Security Advisory (925444) Posted

Friday, September 15, 2006

Hello, This is Christopher Budd. Very quickly, I wanted to let you know that we’ve just posted Microsoft Security Advisory (925444). This Advisory talks about how we are also aware of proof of concept code published publicly affecting Microsoft DirectAnimation Path ActiveX control, which is included in Daxctle.ocx. This vulnerability may allow an attacker to execute code on a user’s machine by convincing them to visit a malicious website using Internet Explorer.

September 2006 Monthly Bulletin Release

Tuesday, September 12, 2006

Hello, This is Christopher Budd. I wanted to take a moment to let you know that we’ve posted our security bulletins for September 2006. Specifically, this month, we’re releasing: MS06-052 applies to Microsoft Windows and is rated Important MS06-053 applies to Microsoft Windows and is rated as Moderate MS06-054 applies to Microsoft Office and is rated as Critical for earlier versions and Important for more recent versions.

September 2006 Advance Notification

Thursday, September 07, 2006

Hello, This is Christopher Budd. I wanted to go ahead and let people know that we’ve posted our Advance Notificationfor September 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on September 12, 2006 at approximately 10:00 am PT we are slated to release three new security bulletins: • Two Microsoft Security Bulletins affecting Microsoft Windows.

MS06-042 Re-released

Thursday, August 24, 2006

Hey folks - Mike Reavey here, I wanted to follow up on our Security Advisorywe released on Tuesday about the re-release of MS06-042for IE 6.0 SP1 customers. We’ve resolved the issues that delayed the re-release and have released the revised update. The revised update fully resolves the security vulnerability we discussed in the Advisory.