November, 2005

  • Third Party Security Vulnerability that might impact Windows Users

    Hi everyone, Stephen Toulouse here. There’s been some questions regarding a recent security vulnerability in Macromedia Flash Player, which is a third party product that shipped with Windows XP Service Pack 1 and Windows XP Service Pack 2. The MSRC is in communication with Macromedia, and we know that Macromedia has made an update available on their website. If you are a Macromedia Flash Player user, Macromedia has posted guidance here . If you aren’t using Macromedia Flash Player, or know...
  • Problem affecting SUS 1.0 users

    Sup folks, Craig here. Remember what I said about that Murphy guy? Well we’ve run across an issue affecting SUS 1.0 that we’re investigating whereby the update can't be deployed. We hope to have a resolution soon on it. WSUS and other deployment tools are unaffected. We’ll post more as soon as we can. Please stand by. -Craig *This posting is provided "AS IS" with no warranties, and confers no rights.*
  • Disabling an ActiveX

    Hello readers, Mike Reavey here. There has been a fair amount of attention around the ”Sony XCP software” over the last many days. As you may know from the anti-malware blog , Windows Defender and Windows AntiSpyware Beta have included detection and removal for the rootkit component of this software. However, there are also some questions regarding the ActiveX control that was released by Sony to allow the removal of the rootkit. It's been reported that this ActiveX control contains vulnerabilities...
  • IT Forum!

    Stephen Toulouse here. I just finished my presentation on the Microsoft Security Response Center here at IT Forum. It was a good talk and I got some great feedback on our security efforts. I also snapped some pics! Here's here's the room I presented in before they let people in, here's the Microsoft booth , here's the MSRC booth , here's the ask the experts section , and here's the exhibition floor just before they opened it. Craig and I are at the booth so come on by! S. *This posting is...
  • Update to our recent advisory

    Hi everyone, I’ve been working on my IT Forum update recapping our trip to Barcelona . But I wanted to go ahead and let you know some breaking information. We’ve been made aware that there has been some malicious software exploiting the recently publicly disclosed Internet Explorer vulnerability. We have just updated our security advisory to reflect this new information, and wanted to let you know that you can visit Windows Live Safety Center if you think you might be infected as a result of this...
  • November Advance Notification

    Stephen Toulouse here subbing for "Iron" Mike Reavey who is out of the office. We've posted the Advance Notification for the security bulletin release for this month. This coming Tuesday, we’re planning to release one security bulletin affecting Microsoft Windows. The maximum total severity rating for this month is Critical, so please update systems as soon as possible when the bulletin is available this coming Tuesday. The update can be deployed and detected with MBSA, Microsoft Update, and WSUS...
  • New Security Advisory and SUS 1.0 problem fixed

    Stephen Toulouse here! Just wanted to let you know that last night we posted a detailed security advisory on the Macromedia Flash Player vulnerability. You can check it out here . Also, the SUS 1.0 problem with Tuesday's update has been addressed and it's online. Just to let you know, we had an unforeseen problem with a machine that handles creating those packages and we're investigating how we can prevent such things in the future. But the updates are available now for SUS 1.0. WSUS and other...
  • Live from 33,000 feet!

    Hi everyone, Stephen Toulouse here. I'm typing these words at a speed of about 560 miles an hour currently over the northwest portion of Canada. I'm flying the night time SAS flight from Seattle to Europe for IT Forum in Barcelona and just had to blog. They have Connexion by Boeing on this flight. It's wireless broadband Internet available for the entire flight. I'm sitting here in my seat looking around at what appear to be a bunch of other Microsoft people all using their computers. Some people...
  • Today's bulletin release.

    Craig here. One bulletin. No big whoop right? Impossible. Someone needs to knock that Murphy dude around, because his laws are not cool. Anyways we got the bulletin out. Detection and Deployment will be like most other Windows bulletins. Windows and Microsoft Update, SMS, SUS, and MBSA are all there for you. You can find all the details on the bulletin here . For you SMS admins out there, I want to point you to a blog from a good guy in the SMS team. Bryan has worked with MSRC for quite a while...
  • New Security Advisory posted for IE Issue

    Stephen Toulouse here. Just wanted to make everyone aware that this evening we've posted a security advisory regarding a publicly disclosed issue in Internet Explorer. You can read all the details here . S. *This posting is provided "AS IS" with no warranties, and confers no rights.*