Saturday, August 12, 2006
Stepto here. It’s a late, late Saturday night. We’ve been made aware of a recent SANS Internet Storm Center diary post several hours ago regarding an active exploit on MS06-040. We wanted to let you know what we’ve been doing about the situation and what we know. Our AV teams have labeled this Win32/Graweg.
Friday, August 11, 2006
Hey folks - Mike Reavey here, providing you with a quick update on MS06-040. This morning we released Security Advisory 922437 because we’re aware of exploit code that has been published on the Internet for the vulnerability that is addressed by Microsoft security bulletin MS06-040. We’ve verified that this exploit code can allow remote code to execute on Windows 2000 and Windows XP Service Pack 1 only.
Wednesday, August 09, 2006
Hi Christopher Budd here, We’re into the second day of our August 2006 release and I wanted to check back and let folks know how things are going with this release. It’s been about 30 hours since we posted the security updates and I’m happy to be able to say we’ve had well over 100 million downloads of the update for MS06-040 (that’s nearly 3.
Tuesday, August 08, 2006
Hey everyone - Adrian Stone here again, stepping in for Craig Gehre to provide a quick overview of the security updates we’ve released Today. The full list of the updates released today are below, and, as always, additional information on the specific vulnerabilities resolved with this release are included within each security bulletin.
Friday, July 28, 2006
Hey everyone, this is Adrian Stone from the MSRC and I wanted to take a moment to clarify some recent reports about a vulnerability that was not addressed in this month’s MS06-035security update. As soon as we heard about the posting, we initiated our Software Security Incident Response Processto investigate. We now have a good understanding of the issue and we are conducting a thorough investigation into this area of code to make sure we can deliver a security update that is complete and meets our quality bar.
Tuesday, July 18, 2006
What’s that? A post from Craig Gehre, and it’s not release day? Yes, it is me again. As most of you know, we monitor the post release environment very carefully to make sure that all the deployment tools are working as intended and people are able to get the updates. I wanted to note that last night we fixed a couple of issues from last week’s release that we had been tracking.
Monday, July 17, 2006
Stepto here again. We’ve just posted the advisory on the PowerPoint vulnerability. It can be found here: http://www.microsoft.com/technet/security/advisory/922970.mspx S. *This posting is provided “AS IS” with no warranties, and confers no rights.*
Friday, July 14, 2006
Stepto here. We’ve been made aware of a vulnerability affecting PowerPoint that we wanted to let you know about, that appears to be involved in very targeted attacks. Like most of the recent Office vulnerabilities we’ve seen, a user must first open a malicious document that is sent as an email attachment or otherwise provided to them by an attacker.
Wednesday, July 12, 2006
I wanted to let you know of another issue that has popped up. We received reports a few hours ago that users of SUS 1.0 were not being offered security updates for Windows 2003 for the bulletins we just released yesterday. We just pushed the fix for this issue live. That means that all SUS 1.
Tuesday, July 11, 2006
Two blog entries in one day. Not what I intended, honest. Those of you that use SMS or WSUS have probably been struggling with the download of WSUSscan.cab. The reason for the delay is that we had problems in our virus scanning labs right before the cab gets pushed live. The issue was resolved and the new cab for the July security release is now live.
