Skip to main content
MSRC

Microsoft Security Response Center Blog

A minor revision to the Word Vulnerability advisory

Friday, June 02, 2006

Hi everyone. It’s Stephen Toulouse again. We’re of course still hard at work on an update for the Word vulnerability. All indications still point to this being a very limited, targeted attack but we’re still spending a lot of time thinking about how customers can protect themselves from this vulnerability. Today we’ve made a couple of minor changes to the advisory we posted on this issue to provide more clarity on the workarounds.

Read More

Incorrect reports of a new Windows 2000 SMB vulnerability

Thursday, May 25, 2006

Hey everyone. Stephen Toulouse here. There has been a bit of a flurry of activity here in Redmond this morning when we noticed a couple of people releasing information about an SMB vulnerability in Windows 2000. We just want to let everyone know that we’ve investigated this claim and found the vulnerability being discussed is fixed by MS05-011, a security update released almost 16 months ago.

Read More

Advisory posted on the recent Word vulnerability.

Tuesday, May 23, 2006

Hi everyone, Stephen Toulouse here again. Just wanted to make you aware that we have reached the point in our investigation of the limited attacks trying to use the Word vulnerability that provided us with enough information to develop some stronger workarounds and mitigations. We’ve posted all that into a new security advisory:

Read More

A quick check-in on the Word vulnerability

Saturday, May 20, 2006

Hi everyone, Stephen Toulouse here again. I wanted to catch you up on where we’re at with our investigation of the Word vulnerability. First off on the vulnerability itself: I want to reiterate we’re hard at work on an update. The attack vector here is Word documents attached to an email or otherwise delivered to a user’s computer.

Read More

Reports of a new vulnerability in Microsoft Word

Friday, May 19, 2006

Hi everyone, Stephen Toulouse here. We’ve been made aware of a new vulnerability in Microsoft Word XP and Word 2003. Customers using the Word viewer to view documents are not impacted. Yesterday we recieved a report that a customer had been subjected to a very targeted attack using this vulnerability.

Read More

New Article: Ten Principles of Microsoft Patch Management

Tuesday, May 16, 2006

Hello, This is Christopher Budd. I wanted to take a moment and let folks know that this month’s IT Pro Security newsletter has an article that I hope will be helpful for those of you who manage security updates. It’s called Ten Principles of Microsoft Patch Management and in it I try o outline not so much the “how” of patch management but rather more of the “why” behind what we do.

Read More

May 2006 Bulletin Release

Tuesday, May 09, 2006

Say heh? I have to be honest. I’ve been in the MSRC now for a while, seen a lot of “interesting” things happen around here and it is a bit of a trip to look at our list of bulletins we shipped today and see the words Flash, Adobe, and Macromedia in the titles.

Read More

May 2006 Advance Notification

Thursday, May 04, 2006

Good afternoon, This is Christopher Budd. I wanted to take a moment and let you know that we’ve posted our regular Monthly Advanced Notification for the upcoming bulletin release. As a reminder, this month, our regularly scheduled monthly bulletin release is slated for Tuesday, 9 May 2006 with a target time of 10 AM Pacific Time.

Read More

MS06-015 targeted re-release now available. And so is IE7 Beta 2

Tuesday, April 25, 2006

Hi everyone, Stephen Toulouse here again. The targeted re-release of MS06-015 is ready. If you are configured for Automatic Update, no need to take any actions. It will detect if you have the problem and deliver the update to you. If you have not yet installed MS06-015, the revised version will be offered to you.

Read More