Tuesday, July 18, 2006
What’s that? A post from Craig Gehre, and it’s not release day? Yes, it is me again. As most of you know, we monitor the post release environment very carefully to make sure that all the deployment tools are working as intended and people are able to get the updates. I wanted to note that last night we fixed a couple of issues from last week’s release that we had been tracking.
Monday, July 17, 2006
Stepto here again. We’ve just posted the advisory on the PowerPoint vulnerability. It can be found here: http://www.microsoft.com/technet/security/advisory/922970.mspx S. *This posting is provided “AS IS” with no warranties, and confers no rights.*
Friday, July 14, 2006
Stepto here. We’ve been made aware of a vulnerability affecting PowerPoint that we wanted to let you know about, that appears to be involved in very targeted attacks. Like most of the recent Office vulnerabilities we’ve seen, a user must first open a malicious document that is sent as an email attachment or otherwise provided to them by an attacker.
Wednesday, July 12, 2006
I wanted to let you know of another issue that has popped up. We received reports a few hours ago that users of SUS 1.0 were not being offered security updates for Windows 2003 for the bulletins we just released yesterday. We just pushed the fix for this issue live. That means that all SUS 1.
Tuesday, July 11, 2006
Two blog entries in one day. Not what I intended, honest. Those of you that use SMS or WSUS have probably been struggling with the download of WSUSscan.cab. The reason for the delay is that we had problems in our virus scanning labs right before the cab gets pushed live. The issue was resolved and the new cab for the July security release is now live.
Tuesday, July 11, 2006
Today we released 7 new security bulletins. We had some publishing issues pop up this morning that I think you should be aware of. The below items went live a bit later than the normal 10AM-ish time. We are working on getting these items live and you should start seeing them soon.
Monday, July 10, 2006
Hello, this is Mike Reavey. I wanted to take a moment and pass on some information about a claim that was posted late Friday about a possible unchecked boundary condition vulnerability in Microsoft Word. The claim was that this could enable an attacker to execute malicous code by convincing a user to open a malformed Word document.
Thursday, July 06, 2006
Hello, This is Christopher Budd. It’s the Thursday before the second Tuesday of the month, and that means we’ve posted our Advanced Notificationfor the July 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on July 11, 2006 at approximately 10:00 am PT we are slated to release seven new security bulletins:
Wednesday, June 28, 2006
Adrian here again. Just wanted to post real quickly to let you know we’re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we’re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we’re investigating.
Tuesday, June 27, 2006
Hey everyone, this is Adrian Stone here and up until recently I was the newest member of the MSRC. I wanted to use my first post to let everyone know that we have updated MS06-025 complete with updated binaries for the affected platforms. As many of you may know, there were some issues identified after the initial release affecting some users who required the use of legacy dial-up connections that use a terminal window, or dial-up scripting, or used scripts to change device configuration parameters.
