Thursday, June 10, 2010
Hello, We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We are not aware of any current exploitation of this issue and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack.
Tuesday, June 08, 2010
Hi everyone, Today, as part of our regular monthly security bulletin release cycle, we released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework. Only three of these bulletins get our maximum severity rating of Critical.
Thursday, June 03, 2010
Hi everyone, Today we published our advance notification for the June security bulletin release, scheduled for release next Tuesday, June 8. This month’s release includes ten bulletins addressing 34 vulnerabilities. Six of the bulletins affect Windows; of those, two carry a Critical severity rating and four are rated Important. Two bulletins, both with a severity rating of Important, affect Microsoft Office.
Friday, May 21, 2010
Hi, this is Tom Gallagher from the Office Trustworthy Computing team. At Blue Hat v9, David Conger and I presented some of the security engineering work that we were doing to help ensure the security of Office 2010. We don’t want a single bug in our parsing code to allow arbitrary code to harm a customer’s machine by doing things like installing a rootkit.
Thursday, May 06, 2010
Hi everyone, Today we published our advance notification for the May security bulletin release letting customers know that next Tuesday, May 11, we will release two Critical bulletins addressing two vulnerabilities - one in Windows and one in Office. Windows 7 and Windows Server 2008 R2 customers will be offered the Windows related update but they are not vulnerable in their default configurations.
Wednesday, April 21, 2010
Hi, MS10-025 is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks seeking to exploit this issue and are targeting a re-release of the update for next week.
Monday, April 12, 2010
Handle: Jman IRL: Jerry Bryant Rank: Group Manager, Response Communications Likes: Quad lattes, geek toys, responsible disclosure Dislikes: Tomatoes, slow drivers (frontgaters) As a follow on to the WGA and Security Updates post by Dustin Childs, I wanted to address another common question we get regarding both security and non-security updates that customers receive from Microsoft through Windows Update or Microsoft Update.
Thursday, April 08, 2010
Hi everyone, Our ANS (Advance Notification Service) went out today informing customers that next Tuesday we will release 11 bulletins addressing 25 vulnerabilities in Windows, Microsoft Office, and Microsoft Exchange. We recommend that customers review the ANS summary page and prepare to test and deploy the bulletins as quickly as possible.
Tuesday, March 30, 2010
Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Group Manager, Response Communications Website: TechNet/security Chat Topic: March 2010 Out-of-Band Security Bulletin Date: Tuesday, March 30, 2010 Q: CVE-2010-0483 , like CVE-2010-0806 , is a remote code executable vulnerability with an exploit code that has been published and publicly available since March 1, 2010.
Tuesday, March 02, 2010
Hi, I am writing to let you know that we have revised the installation packages for MS10-015 with new logic that prevents the security update from being installed on systems if certain abnormal conditions exist. Such conditions could be the result of an infection with a computer virus such as the Alureon rootkit.
