Hi everyone, Stephen Toulouse here. The IE team and MSRC worked over the holiday weekend to put together a killbit package to protect against the recent Jview COM object issue that we provided a security advisory for on Thursday. We'll be working to put this on Windows Update soon but for now it is available on the Microsoft Download Center. You can get the link from the revised security advisory here: http://www.microsoft.com/technet/security/advisory/903144.mspx Thanks again to the Internet...

Hi everyone, Stephen Toulouse here. We have posted this morning our Advance Notification for security bulletins releasing on Tuesday, July 12th, 2005. You can check it out here: http://www.microsoft.com/technet/security/bulletin/advance.mspx S. *This posting is provided "AS IS" with no warranties, and confers no rights.*

Hi everyone, Debby Fry Wilson here. I just got back from a great trip to the Microsoft World Wide Partner Conference. Mike Nash, our Vice President of the Microsoft Security Business and Technology Unit, delivered a keynote yesterday morning detailing the progress we have made in security to date. We've come a long way, but there's still great work to be done and the MSRC is at the forefront of it. Here's the location of the feature that describes Mike's keynote: http://www.microsoft.com/presspass...

Breakfast on release day is important, but no biscuits and gravy for breakfast for Craig. Last week I tried putting on my life jacket in preparation for some jet skiing and wakeboarding when I realized I looked like an elephant with a rubber band wrapped around his midsection. Needless to say I don’t think the life jacket would have been the flotation "device" saving me. So now I’m on one of these no carb diets, which means I’m stuck eating cardboard for breakfast. Then on top of it our internal...

I wanted to talk a little more about going to the Worldwide Partner Conference in Minneapolis , Minnesota , to meet partners and get feedback on how they think we’re doing around security. The feedback was very positive, particularly around the progress we’ve made on security since the same conference two years ago, when Steve Ballmer made security a top priority for Microsoft. On Sunday morning, as I blogged before, Security Business and Technology Unit Vice President Mike Nash gave a comprehensive...

Hi! I’m Richie Lai and I’m a lead on the Microsoft Secure Windows Initiative (SWI) team. One of the things our team does is work side by side with the program managers of the MSRC, so they invited us to guest blog. While MSRC may be the most visible face of security at Microsoft, the SWI team plays a complementary role in securing our products. Organizationally, SWI is under the direction of Microsoft’s Director of Security Engineering, Matt Thomlinson . This organization is responsible for...

Hi everyone, Stephen Toulouse here. Our investigative teams have been working to fully understand the recently posted vulnerability regarding Remote Desktop Services. We have posted a security advisory regarding this with the result of our investigation. Please review the advisory here: http://www.microsoft.com/technet/security/advisory/ 904797.mspx S. *This posting is provided "AS IS" with no warranties, and confers no rights.*

Hi folks, back in the office now from TechEd Europe last week. It was interesting to compare the crowd at TechEd USA with Europe. At the MSRC stand, we really got different perspectives, and an understanding of the different issues and landscape in Europe. We heard everything from feedback on how Microsoft supports customers through the security response process to suggestions on how to continue to improve the update management process. And most of all a reminder how diverse the region is! It...

The MSRC is here on the ground at Caesar's Palace for BlackHat 2005! (like my fancy artistic skills?) We'll be making some posts here from the conference, so more to come! S. *This posting is provided "AS IS" with no warranties, and confers no rights.*

A lot of people wonder why we come to Black Hat. Well the first reason is to meet face to face with security researchers, both those that work with us as well as those who may disagree with us on philosophical points, to show them the MSRC appreaciates the work they do to help us protect our customers. To that end we've been meeting and talking with researchers even before the first sessions started. The second reason we attend is our own education by attending the briefing sessions. I'm still in...