Thursday, October 19, 2006
¡Hola everyone!, Ben Richeson here. I just want to take a quick moment here to introduce myself as one of the newest members to the MSRC as well as to post (my first blog entry!) about an update to MS06-061. Today, MS06-061 has been re-released to re-offer a revised version of the security update to customers with Windows 2000 Service Pack 4 only.
Thursday, October 19, 2006
Hi, this is Christopher Budd. We’ve gotten some questions here today about public reports claiming there’s a new vulnerability in Internet Explorer 7. This is an issue that we have under investigation and so we have some technical information we can share about the issue. These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all.
Thursday, October 12, 2006
Hey everyone this is Alexandra Huft, I wanted to let you know that we’ve been made aware of proof of concept code published publicly affecting Microsoft Office 2003 PowerPoint. We are currently investigating this report. The reported proof of concept may allow an attacker to execute code on a user’s machine by convincing them to open a specially-crafted PowerPoint file.
Tuesday, October 10, 2006
Hey everyone, Craig Gehre here. We’re in the process of releasing our October 2006 Security Bulletins and I wanted to go ahead and update you on it. We’re releasing ten new Security Bulletins this month: MS06-056 addresses a vulnerability in Microsoft Windows and has a maximum severity rating of Moderate.
Thursday, October 05, 2006
Hello, This is Christopher Budd. It’s the Thursday before the second Tuesday and so I wanted to go ahead and let people know that we’ve posted our Advance Notificationfor October 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on October 10, 2006 at approximately 10:00 am PT we are slated to release eleven new security bulletins:
Friday, September 29, 2006
Lennart Wistrand here. This week we’ve seen both proof of concept code posted for a Windows Shell vulnerability. We have also seen limited exploits of a previously publicly disclosed vulnerability in DirectAnimation as well as limited exploits of a PowerPoint vulnerability. We’ve made the Windows Shell advisory available to advise customers of this public PoC.
Tuesday, September 26, 2006
Hey everyone, Craig Gehre here. We’re in the process of releasing out of band update MS06-055 to address the VML issue. At the moment, Windows Update, Microsoft Update, and Autoupdate are live. We’re in the process of publishing the bulletin, associated packages, and updated content for WSUS, MBSA1.2.1, EST, and MBSA 2.
Tuesday, September 26, 2006
Hi everyone, Scott here to tell you about today’s out of band release. Everything should be available at this point. With this particular vulnerability, the biggest concern we had was around risk. This one affected many different platforms in many scenarios that are considered by customers to be common usage. While the attacks we saw were very limited, our decision to go out of band on this release was really around the risk in combination with the attacks.
Friday, September 22, 2006
Hi everyone, Scott Deacon here again. Wanted to update you on what we’ve seen to date with the VML issue. Attacks remain limited. There’s been some confusion about that, that somehow attacks are dramatic and widespread. We’re just not seeing that from our data, and our Microsoft Security Response Alliance partners aren’t seeing that at all either.
Tuesday, September 19, 2006
Morning, Scott here from the MSRC Operations team again, I wanted to let everyone know that we have just posted Microsoft Security Advisory (925568). You can read more in the advisory, but after working with the folks from the X-Force team at ISS, we confirmed new public reports of a vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML).
