Wednesday, December 07, 2005
We’ve received some questions regarding a reported cross-site scripting (XSS) issue affecting Internet Explorer. Google Desktop was used in a proof of concept to demonstrate how, in some cases, this issue could allow an attacker to obtain sensitive information. This issue may be a bit confusing because it is not really an XSS issue.
Tuesday, November 29, 2005
Hi everyone, I’ve been working on my IT Forum update recapping our trip to Barcelona. But I wanted to go ahead and let you know some breaking information. We’ve been made aware that there has been some malicious software exploiting the recently publicly disclosed Internet Explorer vulnerability. We have just updated our security advisory to reflect this new information, and wanted to let you know that you can visit Windows Live Safety Center if you think you might be infected as a result of this vulnerability.
Monday, November 21, 2005
Stephen Toulouse here. Just wanted to make everyone aware that this evening we’ve posted a security advisory regarding a publicly disclosed issue in Internet Explorer. You can read all the details here. S. *This posting is provided “AS IS” with no warranties, and confers no rights.*
Thursday, November 17, 2005
Hello readers, Mike Reavey here. There has been a fair amount of attention around the ”Sony XCP software” over the last many days. As you may know from the anti-malware blog, Windows Defender and Windows AntiSpyware Beta have included detection and removal for the rootkit component of this software. However, there are also some questions regarding the ActiveX control that was released by Sony to allow the removal of the rootkit.
Tuesday, November 15, 2005
Stephen Toulouse here. I just finished my presentation on the Microsoft Security Response Center here at IT Forum. It was a good talk and I got some great feedback on our security efforts. I also snapped some pics! Here’s here’s the room I presented in before they let people in, here’s the Microsoft booth, here’s the MSRC booth, here’s the ask the experts section, and here’s the exhibition floor just before they opened it.
Saturday, November 12, 2005
Hi everyone, Stephen Toulouse here. I’m typing these words at a speed of about 560 miles an hour currently over the northwest portion of Canada. I’m flying the night time SAS flight from Seattle to Europe for IT Forum in Barcelona and just had to blog. They have Connexion by Boeing on this flight.
Thursday, November 10, 2005
Stephen Toulouse here! Just wanted to let you know that last night we posted a detailed security advisory on the Macromedia Flash Player vulnerability. You can check it out here. Also, the SUS 1.0 problem with Tuesday’s update has been addressed and it’s online. Just to let you know, we had an unforeseen problem with a machine that handles creating those packages and we’re investigating how we can prevent such things in the future.
Wednesday, November 09, 2005
Sup folks, Craig here. Remember what I said about that Murphy guy? Well we’ve run across an issue affecting SUS 1.0 that we’re investigating whereby the update can’t be deployed. We hope to have a resolution soon on it. WSUS and other deployment tools are unaffected. We’ll post more as soon as we can.
Tuesday, November 08, 2005
Craig here. One bulletin. No big whoop right? Impossible. Someone needs to knock that Murphy dude around, because his laws are not cool. Anyways we got the bulletin out. Detection and Deployment will be like most other Windows bulletins. Windows and Microsoft Update, SMS, SUS, and MBSA are all there for you.
Monday, November 07, 2005
Hi everyone, Stephen Toulouse here. There’s been some questions regarding a recent security vulnerability in Macromedia Flash Player, which is a third party product that shipped with Windows XP Service Pack 1 and Windows XP Service Pack 2. The MSRC is in communication with Macromedia, and we know that Macromedia has made an update available on their website.
