Microsoft Malware Protection Center

Threat Research & Response Blog

April, 2009

  • Microsoft Malware Protection Center

    New 0-day Exploits Using PowerPoint Files

    The Microsoft Security Response Center has released Advisory 969136 today about a vulnerability in Microsoft Office PowerPoint which is being exploited in the wild. Office 2000, Office XP, Office 2003 and Mac Office are vulnerable; however, the latest version, Office 2007, is not. The Microsoft SRD blog provides more details about how to protect your environment from the vulnerability. So far we’re aware of several distinct exploit files which have been used. They all seem to be used only in...
  • Microsoft Malware Protection Center

    Cashing in on Conficker's Bad Name

    Over the last couple of days we've seen some spam claiming to be from Microsoft, providing a free scan to remove Conficker. Here's an example: The link actually takes you to a typical fake online scanner page used to serve up a rogue security scanner: In this case the page tries to get you to download TrojanDownloader:Win32/Renos.HL which in turn installs the rogue Trojan:Win32/WinSpywareProtect. You can read tips on how to recognize and avoid fraudulent e-mail. --Hamish O'Dea
  • Microsoft Malware Protection Center

    Win32/Conficker Variants Update

    There have been new developments in the Conficker arena within the past couple of days. We would like to inform those who are concerned that the MMPC is working to make sure you have the information you need, first to be protected from any threat; and second, to provide you with a full understanding of the threat itself. There have been primarily two new binaries reported. We are pleased to inform that Microsoft products such as Windows Live OneCare, Windows Live OneCare safety scanner, and the...
  • Microsoft Malware Protection Center

    A Few Quiet Days… and a New Exploit of MS08-067 Has Been Identified

    April 1st is behind us and nothing really happened with Conficker. But it is never boring in the antimalware world. We have found a new exploit of MS08-067 other than Conficker. We also discovered that we already detected and protected users against this new malware. We added information about mitigations against this malware at the end of this blog post. Neeris is a worm that has been active for a few years. Some of its variants used to exploit MS06-040 which addressed a vulnerability in the...
  • Microsoft Malware Protection Center

    Windows Addresses the Changing AutoRun Threat Environment

    AutoRun is the ability for a device, through the use of autorun.inf, to expose a set of tasks for the user to choose upon insertion of new media into the computer. This could be a USB drive, a CD or DVD, a network drive, or any other additions of new media. The user is shown the AutoRun tasks along with other functions via the AutoPlay dialog. About a decade ago, diskette use started to wane. Machines began to not include diskette drives anymore. And diskette viruses were effectively removed from...
  • Microsoft Malware Protection Center

    Win32/Koobface, MSRT and Industry Cooperation

    On March 10 we released an update to the Malicious Software Removal Tool to add targeting of the Win32/Koobface family. The addition of this threat came out of discussions with the security team at Facebook but this is not the first time we have added a family of malicious software to MSRT on request. We regularly work with CERTs, government agencies, ISPs and companies on threats as part of our outreach activities. Win32/Koobface falls in as the sixth most common threat removed by MSRT this month...
  • Microsoft Malware Protection Center

    Birthday Problem and Conficker

    Hide behind huge numbers, making fighting against very expensive. The Birthday problem, or paradox, is the probability that, from a given set of people, two of them will have the same birthday. It is a paradox because the result defies common sense. For a group of 23 people, the chance that two of them share the same birthday is greater than 50%, and for a group of 57 people, it is higher than 99%. The best known use of the Birthday Problem paradox is probably the Cryptographic Attack known as the Birthday...
  • Microsoft Malware Protection Center

    Malware Distribution Across Operating Systems

    Depending on your background, you may find different sections of the newly published Microsoft Security Intelligence Report (SIR) to be of more interest. In today’s post, we would like to highlight the section on infection rates based on the operating system (OS) version and the service pack level. Microsoft has consistently observed that machines with newer OS and with more recent service packs are less likely to be infected by malware. The graph below shows the number of computers having malware...
  • Microsoft Malware Protection Center

    Where's Waledac?

    The family added to the April MSRT release is Win32/Waledac. If you haven't heard of the family before, there is a chance you may have seen some of the spam generated by Win32/Waledac in your inbox. We've blogged about some of the spam campaigns in the past, such as Fake Obama or the Valentine Devkit. The most recent spam campaign uses a fake “Reuters Terror Attack” themed lure. Win32/Waledac is a complex spam bot. It also has the ability to download and execute arbitrary...
  • Microsoft Malware Protection Center

    Threats at Home and at Work

    It’s pretty obvious that people often behave differently at home and at work. Microsoft has found that malware and potentially unwanted software are encountered differently and act differently in the two environments. The following graph shows the difference between the categories of threats encountered by Windows Live OneCare users, which is for home use, and Forefront Client Security, which is designed to be managed at work. At work, computers are more likely to encounter self-replicating threats...