MSRC Blog | Microsoft Security Response Center

Microsoft Knowledge Base Article 925902 Updated

Friday, April 06, 2007

Hello this is Christopher Budd. Since MS07-017 was released out-of-band on Tuesday to protect customers from attacks exploiting the Windows Animated Cursor Handling vulnerability, we wanted to provide additional information regarding an update to the known issue Knowledge Base article with information that may impact customers. As I noted on Tuesday, our regular process is to document known issues in the Master Knowledge Base article referenced in the “Caveats” section of the security bulletin.

April 2007 Advance Notification

Thursday, April 05, 2007

Hello everyone, This is Christopher Budd once again. I noted on Tuesday when discussing the release of MS07-017 that our out of band release was not cancelling our regularly scheduled April 2007 release. In that vein, as part of our regular release process, this being the Thursday before the second Tuesday, we’ve posted our Advance Notification like we always do.

An inside look into building and releasing MS07-017

Tuesday, April 03, 2007

Hey Folks – this is Mike Reavey. We’re all glad that MS07-017 – the Security Bulletin that fixes the vulnerability in Animated Cursor Handling (CVE-2007-1215) – has been released, helping to block attacks on that vulnerability. While we released it within 5 days of being notified of attacks, we have received questions from customers about why it took us 3 months to develop and release the fix for this vulnerability.

MS07-017 Released

Tuesday, April 03, 2007

Hello everyone, This is Christopher Budd. I wanted to follow up on my posting from Sunday night to let you know that we’ve released the security update, MS07-017, that addresses the vulnerability in Windows Animated Cursor Handling. As I noted on Sunday night, we originally planned to release the update on Tuesday, April 10, 2007 as part of our regular monthly release of security bulletins.

Latest on security update for Microsoft Security Advisory 935423

Sunday, April 01, 2007

Hello everyone, this is Christopher Budd. We have some new information tonight on the status of the security update that we’re working on that addresses the vulnerability in Windows Animated Cursor Handling. From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat.

Microsoft Security Advisory 935423 and Windows Server 2003 SP2

Saturday, March 31, 2007

Hello everyone, this is Christopher Budd. As I noted yesterday, we have teams doing ongoing investigation and research around the technical issues for the vulnerability in Windows Animated Cursor Handling. Today, we’ve made an update to the advisory with additional information from that ongoing work. We’ve added information regarding Windows 2003 Service Pack 2 in the “Related Software” section to note that these versions are affected by the issue as well.

Update on Microsoft Security Advisory 935423

Friday, March 30, 2007

Hello everyone, This is Christopher Budd. We’ve gotten some questions from customers around the security advisory that we released yesterday, Microsoft Security Advisory (935423). Specifically, we’ve been getting questions about: · When we learned about the vulnerability · When we learned about the attack · What we’re doing to help protect customers

Microsoft Security Advisory 935423 Posted

Thursday, March 29, 2007

Hey everyone this is Adrian Stone, I wanted to let people know that we have just posted Microsoft Security Advisory (935423). This advisory addresses new public reports of very limited attacks against a newly reported vulnerability in Microsoft Windows Animated cursor handling. We’ve activated our Software Security Incident Response Process (SSIRP) and there are few items worth noting:

March 2007 Bulletin Release Day

Tuesday, March 13, 2007

Hello, this is Christopher Budd, Since it’s the second Tuesday for March, I wanted to go ahead and make a short posting to confirm what we announced last Thursday: we are not releasing any security updates today. We are releasing an update to the Malicious Software Removal Tool today: this month’s update removes Win32/Alureon and you can download the tool at www.

March 2007 Advance Notification

Thursday, March 08, 2007

Hello, This is Christopher Budd and it’s the Thursday before the Second Tuesday for March 2007. As we do each month at this time, we’ve posted our Advance Notification for the upcoming security bulletin release. For the month of March 2007, we will not be releasing any new security updates on March 13, 2007.

Microsoft Security Response Center Blog