Skip to main content
MSRC

MSRC

REVISED: September Advance Notification

Friday, September 09, 2005

Hey folks, Mike Reavey again. So, we’ve had a little change in plans for next week and wanted to make you all aware of it. This afternoon we revised the information in the Advance Notification to reflect a change for next week’s release. Microsoft will not be issuing any new security updates on September 13th as part of the September monthly bulletin release cycle.

September Advance Notification

Thursday, September 08, 2005

Hey folks, Mike Reavey here again – and while its been a pretty busy morning (the way I like it) I did want to take a quick second to make sure everyone saw the Advance Notification for the Security Bulletin release this September. This coming Tuesday, we’re planning to release one security bulletin, and its in Windows.

Some thoughts on a quiet Wednesday

Wednesday, September 07, 2005

This is Mike Reavey here. It’s been a little bit quieter around the MSRC for the last week, but I thought I’d take a second now to point out a few things that you might not know exist. First off, I need to give a big shout out to the fact that the individuals responsible for creating and releasing Zotob have been arrested.

New Security Advisory on Windows Firewall Exception

Friday, September 02, 2005

Hi Folks, – you may have noticed that we posted an advisory earlier this week: http://www.microsoft.com/technet/security/advisory/897663.mspx. This advisory discusses how a malformed registry key entry could allow an exception to be entered into the firewall, but this exception wouldn’t be visible in the standard firewall graphical user interfaces. In response to customer feedback and to clear up any confusion, we wanted to be explicit that in order for this type of action to happen a system would already have to be compromised and malicious code be running as an administrator.

The View from the Situation Room

Wednesday, August 17, 2005

Hi everyone, Mike Reavey here. I wanted to take a moment and blog live from our MSRC Situation Room. (those of you watching CNN this morning got a glimpse of it!) The Situation Room is a dedicated room inside the Microsoft campus. When there is a problem or an attack impacting customers, we bring all of the right people into that room to work on the problem.

Guidance pages and information on Worm:Win32/Zotob.A

Sunday, August 14, 2005

Ok, earlier this morning we activated our Software Security Incident Reponse Process to respond to a malicious attack known as Worm:Win32/Zotob.A. Our investigation has determined that only a small number of customers have been affected and we’re working directly with them. We have seen no indication of widespread impact to the Internet, but we have posted a guidance page as well as an encyclopedia entry on this attack.

Reports of an attack on MS05-039

Sunday, August 14, 2005

Hi everyone, Stephen Toulouse here. We now have reports of an attack against the MS05-039 vulnerability. We have updated our security advisory located at: http://www.microsoft.com/technet/security/advisory/899588.mspx To provide our initial information and guidance. More information shortly. S. \*This posting is provided "AS IS" with no warranties, and confers no rights.\*

New security advisory

Thursday, August 11, 2005

Hi everyone, Unfortunately it looks like someone has posted exploit code for MS05-039 publicly. Please be sure that you are deploying this update, Windows 2000 users are particularly at risk. We have posted a security advisory on this at the following link: http://www.microsoft.com/technet/security/advisory/899588.mspx S. \*This posting is provided "AS IS" with no warranties, and confers no rights.

New security advisory

Thursday, August 11, 2005

Hey folks – Mike Reavey here, live from the situation room. (BTW- “live from the situation room” is a new favorite term ever since our big television debut this week!) I wanted to let you know that we published an advisory on a security issue in COM object, MSDDS.DLL, that when loaded in Internet Explorer could potentially run malicious code a system.

MS05-038 Download Center Updates re-issued.

Wednesday, August 10, 2005

What a crazy 24 hours. We have now re-released MS05-038, the IE bulletin, as version 2.0. We have pushed out the updates to the Download Center with the digital signature issue resolved. If you got your updates from Windows Update, Microsoft Update, WSUS, or SUS yesterday you have nothing to worry about.