August, 2005

  • More thoughts from BlackHat 2005.

    Hello! My name is Debbie Wilcox and I’m a Security Program Manager in the Microsoft Security Response Center (MSRC). I just got back from my very first Black Hat Conference and I have to admit, I was pleasantly surprised. I wasn’t sure what to expect, even though I’d heard stories from various co-workers. As a self-declared non-geek, I was afraid I’d be out-geeked and way out of my league, but that wasn’t the case. Well, for the most part. :) A few of the briefings had titles that were misleading...
  • My thoughts about BlackHat 2005 - Viva Las Vegas!

    Hi…. My name is Brian Schafer and I’m a newb to bloggin! <Great, now that I got that out of the way… > Wow! Viva Las Vegas! What an awesome experience! Quite a bit different from Blackhat Seattle I must say! I now have a greater appreciation for the phrase, the “city that never sleeps.” I came, I saw, and I went home wicked tired! I cannot say enough about how great it was to meet with everyone while in Vegas! Someone remind me to pack more business cards for this next year...
  • Today's Advance Notification

    Hey folks - Mike Reavey here. Next Tuesday is the 2nd Tuesday of the Month and I wanted to outline what bulletins we expect to release. At the moment we have 6 security bulletins planned for release, the highest severity rating of these is Critical. We're also continuing to release our Malicious Software Removal tool with updates for additional malware families. Finally, we have one non-security release that will be High-Priority on Microsoft and Windows Update. This non-security release is important...
  • A virus for Windows Vista? Wrong.

    Hi everyone, Stephen Toulouse here. There’s been some commentary the past couple of days regarding a potential Windows Vista virus and we wanted to weigh in with some details. First of all, in examining the details of the reports, there is no Windows Vista virus described in them. Instead, the reports are regarding potential proof of concept viruses in the form of malicious scripts that are developed to affect a new interactive shell codenamed "Monad", which is currently in an early phase of beta testing...
  • Slashdot article incorrect.

    An article on Slashdot is saying that Monad was pulled from Windows Vista due to the virus story. This is 100% incorrect. One had nothing to do with the other. Monad is probably going to be a longer term project than Windows Vista, and we didn't just decide to remove it today or yesterday. Just wanted to clarify that. S. *This posting is provided "AS IS" with no warranties, and confers no rights.*
  • Today's Security Updates and bit of a glitch.

    Much delayed post, but I’m sure some of you probably know or can take a good guess at what is causing my delay today. Not long after we released this morning, we found out that many of the digital signatures on some of the IE updates for MS05-038 were corrupted and were preventing install. This only impacts those downloading from the Download Center, not Windows Update, Microsoft Update, SUS, or WSUS. At least now we know what the problem is and it should be fixed soon. So here is what we cranked...
  • MS05-038 Download Center Updates re-issued.

    What a crazy 24 hours. We have now re-released MS05-038, the IE bulletin, as version 2.0. We have pushed out the updates to the Download Center with the digital signature issue resolved. If you got your updates from Windows Update, Microsoft Update, WSUS, or SUS yesterday you have nothing to worry about. For you admins out there the binaries and install are all the same so need to change any detection you may have worked up. Here’s what happened: During the publication of the MS05-038 updates...
  • New security advisory

    Hi everyone, Unfortunately it looks like someone has posted exploit code for MS05-039 publicly. Please be sure that you are deploying this update, Windows 2000 users are particularly at risk. We have posted a security advisory on this at the following link: http://www.microsoft.com/technet/security/advisory/899588.mspx S. *This posting is provided "AS IS" with no warranties, and confers no rights.*
  • Reports of an attack on MS05-039

    Hi everyone, Stephen Toulouse here. We now have reports of an attack against the MS05-039 vulnerability. We have updated our security advisory located at: http://www.microsoft.com/technet/security/advisory/899588.mspx To provide our initial information and guidance. More information shortly. S. *This posting is provided "AS IS" with no warranties, and confers no rights.*
  • Guidance pages and information on Worm:Win32/Zotob.A

    Ok, earlier this morning we activated our Software Security Incident Response Process to respond to a malicious attack known as Worm:Win32/Zotob.A. Our investigation has determined that only a small number of customers have been affected and we're working directly with them. We have seen no indication of widespread impact to the Internet, but we have posted a guidance page as well as an encyclopedia entry on this attack. We will remain watchful for any variants or any further customer impact. As...