MSRC

Security Bulletin

The year-end review – well, sort of :)

Sunday, July 26, 2009

Handle: Cap’n Steve
IRL: Steve Adegbite
Rank: Senior Security Program Manager Lead
Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard
Dislikes: Not much but if you hear me growl…run

Hey! It’s that time of year again for all of us to pack up and head out to the desert to reconnect, discuss, and plan for the future, or at least what we think will be the future of security.

Security Bulletin Webcast Video, Questions and Answers – July 2009

Wednesday, July 15, 2009

Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components). There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed the Fix it workaround in the advisory, do I need to uninstall it before installing the update in the bulletin?

July 2009 Advance Notification

Wednesday, July 08, 2009

Advance Notification for the July 2009 Security Bulletin Release

Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of:

· Three Critical updates affecting Windows.
· One Important update affecting Publisher.

Security Bulletin Webcast Video, Questions and Answers – June 2009

Friday, June 12, 2009

During the security bulletin webcast for June 2009, we answered a wide array of questions around the 10 bulletins we released. Of primary interest to customers, based on the number of questions we received on the topic, is the RPC issue addressed by MS09-026. As this issue affects third party products that utilize RPC in Windows, customers wanted to know if there is a way to tell if their third party product was vulnerable.

June 2009 Bulletin Release

Tuesday, June 09, 2009

Summary of Microsoft’s monthly security bulletin release for June 2009. Today we released 10 new security bulletins. 6 of those affect Windows with two rated as critical, three rated as important and one as moderate. The remaining four all have an aggregate rating of critical and affect Internet Explorer, Microsoft Office Word, Microsoft Office Excel and Microsoft Works Converters.

Security Bulletin Webcast Video, Questions and Answers – May 2009

Friday, May 15, 2009

In the May 2009 security bulletin webcast, we addressed several questions relating to MS09-017 in addition to questions about WSUS and MBSA. For those questions that came in after we concluded the webcast, we have provided answers in the published Q&A which you can find here: http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-May-2009.aspx Also, here is the link to the Q&A index page in case you want to view previous months:

May 2009 Bulletin Release

Tuesday, May 12, 2009

Summary of Microsoft’s monthly security bulletin release for May 2009. Today we released one security bulletin, MS09-017, affecting our PowerPoint products. This update addresses several vulnerabilities including the issue described in Microsoft Security Advisory 969136. In that advisory, we noted that we were aware of limited, targeted attacks. The security of our customers is important to us and due to these active attacks, we have released the updates for one product line (all versions of Microsoft Office for Windows) so that the majority of our customers can protect their systems.

Token Kidnapping finally patched!

Tuesday, April 14, 2009

Here I am again writing on the MS BlueHat blog, this time about Token Kidnapping. The first time I talked about Token Kidnapping was a long time ago, and now, after a year, the issues detailed in the presentation are finally fixed. Let’s see what happened. Before the first public Token Kidnapping presentation I talked to MS about the topics it included; I mentioned that there were design issues and that some issues were already known.