2007 | Microsoft Security Response Center

April 2007 Monthly Bulletin Release

Tuesday, April 10, 2007

Hi Everyone! This is Tami Gallupe, with MSRC, and here is our update on the bulletins we released today. Today we released 5 bulletins: 4 have a maximum severity rating of Critical, and one has a maximum severity rating of Important. The bulletins are as follows: Microsoft Content Management Server (MS07-018) Maximum severity rating of Critical Could Allow Remote Code Execution Universal Plug and Play (MS07-019) Maximum severity rating of Critical Could Allow Remote Code Execution Microsoft Agent (MS07-020) Maximum severity rating of Critical Could Allow Remote Code Execution CSRSS (MS07-021) (Maximum severity rating of Critical Could Allow Remote Code Execution Windows Kernel (MS07-022) Maximum severity rating of Important Could Allow Remote Elevation of Privilege As Christopher mentioned in his blog on Friday, in addition to today’s bulletins, we’ve also released a hotfix to help resolve the known issues related to MS07-017 with applications detailed in Microsoft Knowledge Base Article 925902.

Microsoft Knowledge Base Article 925902 Updated

Friday, April 06, 2007

Hello this is Christopher Budd. Since MS07-017 was released out-of-band on Tuesday to protect customers from attacks exploiting the Windows Animated Cursor Handling vulnerability, we wanted to provide additional information regarding an update to the known issue Knowledge Base article with information that may impact customers. As I noted on Tuesday, our regular process is to document known issues in the Master Knowledge Base article referenced in the “Caveats” section of the security bulletin.

April 2007 Advance Notification

Thursday, April 05, 2007

Hello everyone, This is Christopher Budd once again. I noted on Tuesday when discussing the release of MS07-017 that our out of band release was not cancelling our regularly scheduled April 2007 release. In that vein, as part of our regular release process, this being the Thursday before the second Tuesday, we’ve posted our Advance Notification like we always do.

An inside look into building and releasing MS07-017

Tuesday, April 03, 2007

Hey Folks – this is Mike Reavey. We’re all glad that MS07-017 – the Security Bulletin that fixes the vulnerability in Animated Cursor Handling (CVE-2007-1215) – has been released, helping to block attacks on that vulnerability. While we released it within 5 days of being notified of attacks, we have received questions from customers about why it took us 3 months to develop and release the fix for this vulnerability.

MS07-017 Released

Tuesday, April 03, 2007

Hello everyone, This is Christopher Budd. I wanted to follow up on my posting from Sunday night to let you know that we’ve released the security update, MS07-017, that addresses the vulnerability in Windows Animated Cursor Handling. As I noted on Sunday night, we originally planned to release the update on Tuesday, April 10, 2007 as part of our regular monthly release of security bulletins.

Latest on security update for Microsoft Security Advisory 935423

Sunday, April 01, 2007

Hello everyone, this is Christopher Budd. We have some new information tonight on the status of the security update that we’re working on that addresses the vulnerability in Windows Animated Cursor Handling. From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat.

Microsoft Security Advisory 935423 and Windows Server 2003 SP2

Saturday, March 31, 2007

Hello everyone, this is Christopher Budd. As I noted yesterday, we have teams doing ongoing investigation and research around the technical issues for the vulnerability in Windows Animated Cursor Handling. Today, we’ve made an update to the advisory with additional information from that ongoing work. We’ve added information regarding Windows 2003 Service Pack 2 in the “Related Software” section to note that these versions are affected by the issue as well.

Update on Microsoft Security Advisory 935423

Friday, March 30, 2007

Hello everyone, This is Christopher Budd. We’ve gotten some questions from customers around the security advisory that we released yesterday, Microsoft Security Advisory (935423). Specifically, we’ve been getting questions about: · When we learned about the vulnerability · When we learned about the attack · What we’re doing to help protect customers

Microsoft Security Advisory 935423 Posted

Thursday, March 29, 2007

Hey everyone this is Adrian Stone, I wanted to let people know that we have just posted Microsoft Security Advisory (935423). This advisory addresses new public reports of very limited attacks against a newly reported vulnerability in Microsoft Windows Animated cursor handling. We’ve activated our Software Security Incident Response Process (SSIRP) and there are few items worth noting:

March 2007 Bulletin Release Day

Tuesday, March 13, 2007

Hello, this is Christopher Budd, Since it’s the second Tuesday for March, I wanted to go ahead and make a short posting to confirm what we announced last Thursday: we are not releasing any security updates today. We are releasing an update to the Malicious Software Removal Tool today: this month’s update removes Win32/Alureon and you can download the tool at www.