Skip to main content
MSRC

Microsoft Security Response Center Blog

Reports of Exploit code for recent updates.

Thursday, October 13, 2005

Hi everyone, Stephen Toulouse here. There’s been a lot of talk today about exploit code, specifically around security bulletins MS05-051 and MS05-046. The good news is that we’re not aware at this time of any exploit code being available publicly. Currently we’ve been told the exploit code is only available through third party fee-based security offerings.

October 2005 Security Bulletin Release

Tuesday, October 11, 2005

Like greased lightnin’. Granted I don’t have overhead lifters or a four speed on the floor, nevertheless today was systematic . Nine bulletins requires that a lot of pieces come together. Hands down this was the smoothest release based on “pain” to bulletin ratio I can remember. Plus my trusty companion, vente almond mocha helped too.

October Advance Notification

Thursday, October 06, 2005

Hey folks, Mike Reavey here, I wanted to take a quick second to make sure everyone saw the Advance Notification for the Security Bulletin release for this October. This coming Tuesday, we’re planning to release nine security bulletins, and they are being released in Windows with one affecting Exchange Server as well.

Steve Ballmer and Mike Nash detail security strategy.

Thursday, October 06, 2005

Hi everyone, Stephen Toulouse here. Back from a nice vacation and wanted to stop and just jot a quick note about Steve Ballmer and Mike Nash’s respective speeches today where they detailed a number of new products and partnerships relating to security. You can get the full details here. Specific Q&A’s around Microsoft Client Protection and the SecureIT Alliance are available here and here.

A Day in the Life of a Security Bulletin

Tuesday, September 27, 2005

Hi all- Alexandra Huft here again! I thought you might find it interesting to see “behind the scenes” of how a security vulnerability eventually becomes a security bulletin. So, I’ll start way back at the beginning. We receive reports from many different finders on issues that may or may not be a vulnerability.

Simon says “IANAD”

Thursday, September 15, 2005

It’s been 10 years since I did any hands-on dev work. However working in the security space at Microsoft, “SDL” or the Security Development Lifecycle is very visible and obviously important to even those not directly involved in development. We had the opportunity here in LA to share with customers how Microsoft took BillG’s edict that security should be our top priority, and over the past couple of years re-engineer our entire development process to implement this vision at every level - from design through to post-release maintenance.

PDC from Alexandra's eyes

Wednesday, September 14, 2005

Hi all- my name is Alexandra Huft, I am a Security Program Manager within the Microsoft Security Response Center, and I’m new to the blog. This being my first PDC I’ve attended,it has been amazing. It looks like a small swarm with all of dev’s that are attending this year. Last night we had the Microsoft reception which was seemed very much welcomed.

September's security update release cycle

Tuesday, September 13, 2005

Well it’s Tuesday, and it been another busy day. That might be surprising since we didn’t release any new security updates, but there’s always a lot going on in the MSRC. While the decision to not ship the security update was a difficult one, it was encouraging to see that several customers, security researchers and even the press felt it was the right decision.

The MSRC live from PDC 2005

Tuesday, September 13, 2005

Craig Gehre here reporting from the Professional Developer’s Conference in L.A. and I have to say that PDC is really coo this year! If you like to code or anything related to developing with, or for, the latest technologies this is the place for you. I hit Bill Gates’ keynote for a bit and then headed over to our MSRC booth to get situated.

REVISED: September Advance Notification

Friday, September 09, 2005

Hey folks, Mike Reavey again. So, we’ve had a little change in plans for next week and wanted to make you all aware of it. This afternoon we revised the information in the Advance Notification to reflect a change for next week’s release. Microsoft will not be issuing any new security updates on September 13th as part of the September monthly bulletin release cycle.