Skip to main content
MSRC

Microsoft Security Response Center Blog

Microsoft Security Advisory 932553 Posted

Friday, February 02, 2007

Hey everyone this is Alexandra Huft, I wanted to let people know about a new issue that we’ve activated our Software Security Incident Response Process (SSIRP) for: we have some information we can share from the investigation so far and I wanted to share it with you. We just posted Microsoft Security Advisory (932553).

Issue regarding Windows Vista Speech Recognition

Wednesday, January 31, 2007

Hey everyone this is Adrian and I am writing to try and clear up some concerns regarding a recently reported vulnerability in the Speech Recognition feature of Windows Vista. An issue has been identified publicly where an attacker could use the speech recognition capability of Windows Vista to cause the system to take undesired actions.

Microsoft Security Advisory 932114 Posted

Friday, January 26, 2007

Hey everyone this is Alexandra Huft, I wanted to let people know that we just posted Microsoft Security Advisory (932114). This involves an issue that only affects Microsoft Word 2000. We’ve activated our Software Security Incident Response Process (SSIRP) and have some information we can share from the investigation so far.

Re-release of MS07-002 for Excel 2000

Thursday, January 18, 2007

Hello, this is Christopher Budd. Very quickly, I wanted to let you know that we’ve just re-released MS07-002 for Excel 2000 only. The original version released on January 9, 2007 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode.

SUS 1.0 Information around Tuesday's Release

Wednesday, January 10, 2007

Hello, This is Christopher Budd. We’ve gotten some questions from SUS 1.0 customers about yesterday’s release that I wanted to take a moment and address. Due to The last minute changes in the release that we updated you on last Friday, there is a delay in the updates for SUS 1.

January 2007 Monthly Security Bulletin Release

Tuesday, January 09, 2007

Hello, this is Christopher Budd I wanted to let you know that as part of our standard monthly bulletin release process we’ve released our security bulletins for January 2007. · Microsoft Office (MS07-001) · maximum severity rating of Important** · vulnerabilities could allow an attacker to run code in the context of the logged on user.

January 2007 Advance Notification

Thursday, January 04, 2007

Hello, Happy New Year everyone. This is Christopher Budd and it’s the Thursday before the Second Tuesday of January 2007. As we do each month at this time, we’ve posted our Advance Notification for the upcoming security bulletin release. Next Tuesday, on January 9, 2007 at approximately 10:00 am PT we are slated to release:

New report of a Windows vulnerability

Thursday, December 21, 2006

Hi everyone, As usual the holiday season is a busy time for everyone including those of us here in the MSRC. I hope that everyone has finished their holiday shopping so they can enjoy the long weekend. This is Mike Reavey by the way in case anyone was wondering. Aside from discussing the holidays, the reason I am dropping in on the blog is that right now we are closely monitoring developments related to a public posting of proof of concept code targeting an issue with the Client Server Run-Time Subsystem.

Update on accidental posting of pre-release security updates for Office for Mac

Friday, December 15, 2006

We wanted to follow up with Office for Mac users on what to do if you installed the pre-release security updates released on Tuesday. Because the Office for Mac update that was erroneously released had additional, non-security fixes, the Office for Mac team would like to distribute a new update to its customers that includes all the fixes unrelated to security.

Update on Current Word Vulnerability Reports

Friday, December 15, 2006

Hey everyone, Alexandra Huft here. I wanted to try and summarize/clarify for everyone the three current Word Zero-Day issues that have been reported to Microsoft. First, I wanted everyone to know that we’re actively investigating and monitoring all of these issues through our Software Security Incident Response Process and we are working on developing and testing security updates for the three issues, which we’ll release as part of our release process once they’ve reached an appropriate level of quality.