Tuesday, July 11, 2006
Two blog entries in one day. Not what I intended, honest. Those of you that use SMS or WSUS have probably been struggling with the download of WSUSscan.cab. The reason for the delay is that we had problems in our virus scanning labs right before the cab gets pushed live. The issue was resolved and the new cab for the July security release is now live.
Tuesday, July 11, 2006
Today we released 7 new security bulletins. We had some publishing issues pop up this morning that I think you should be aware of. The below items went live a bit later than the normal 10AM-ish time. We are working on getting these items live and you should start seeing them soon.
Monday, July 10, 2006
Hello, this is Mike Reavey. I wanted to take a moment and pass on some information about a claim that was posted late Friday about a possible unchecked boundary condition vulnerability in Microsoft Word. The claim was that this could enable an attacker to execute malicous code by convincing a user to open a malformed Word document.
Thursday, July 06, 2006
Hello, This is Christopher Budd. It’s the Thursday before the second Tuesday of the month, and that means we’ve posted our Advanced Notificationfor the July 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on July 11, 2006 at approximately 10:00 am PT we are slated to release seven new security bulletins:
Wednesday, June 28, 2006
Adrian here again. Just wanted to post real quickly to let you know we’re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we’re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we’re investigating.
Tuesday, June 27, 2006
Hey everyone, this is Adrian Stone here and up until recently I was the newest member of the MSRC. I wanted to use my first post to let everyone know that we have updated MS06-025 complete with updated binaries for the affected platforms. As many of you may know, there were some issues identified after the initial release affecting some users who required the use of legacy dial-up connections that use a terminal window, or dial-up scripting, or used scripts to change device configuration parameters.
Saturday, June 24, 2006
We’ve had several questions regarding some recent issues that have affected Microsoft Excel over the last week. So, I thought I’d take a minute to review each, what the security impact could be for each issue, and what we’re doing to resolve the issues. We’re currently investigating three issues that have mentioned Microsoft Excel.
Friday, June 23, 2006
Hi everyone, Stephen Toulouse here. We’ve see that detailed exploit code has been published on the Internet for the vulnerability addressed by Microsoft security bulletin MS06-025. So per the usual when something like this happens so quickly after release we wanted to highlight that fact, and let you know that we’re not currently aware of any active attacks utilizing this exploit code at this time.
Thursday, June 22, 2006
Hi everyone, Stephen Toulouse here. Just posting a brief note about two quick things regarding the blog. When we originally set it up we used my user account and it’s been our communal account for making posts. Unfortunately every post showed up as from “stepto”. That’s fixed now and posts will show up as being from “msrcteam”.
Tuesday, June 20, 2006
Hi everyone Christopher Budd here. I wanted to give you some information about the recent posting of proof of concept PERL script that claims to demonstrate a vulnerability in Excel’s processing of long links. As soon as we received these reports we immediately began an investigation into the posting. I wanted to let you know information we have based on that investigation.
