December, 2005

  • Some info on the "cross-site scripting" issue affecting Internet Explorer

    We've received some questions regarding a reported cross-site scripting (XSS) issue affecting Internet Explorer. Google Desktop was used in a proof of concept to demonstrate how, in some cases, this issue could allow an attacker to obtain sensitive information. This issue may be a bit confusing because it is not really an XSS issue. A better way to describe it might be to call it “cross-site information disclosure”. Our investigation indicates that this issue will have limited impact because an effective...
  • December Advance Notification

    Stephen Toulouse here gang. The Advance Notification for the security bulletin release for this month has posted. This coming Tuesday, we’re planning to release two security bulletins affecting Microsoft Windows. The maximum total severity rating for this month is Critical, so please update systems as soon as possible when the bulletins are available this coming Tuesday. The updates can be deployed and detected with MBSA, Windows Update, Microsoft Update, SUS and WSUS etc. There will also be a new...
  • Todays updates and SUS 1.0

    Hi everyone. One tired Release Manager Craig here. Today we released 2 new bulletins, details below. But a quick note: For the SUS 1.0 Admins, you may be experiencing some problems with all your previously approved updates are now showing up as “unapproved”. This doesn’t impact the update level of your SUS clients, or the ability to deploy today’s updates with SUS 1.0. However, we have released a KB that has more details and workarounds . We are also hoping to make it a bit easier to fix by releasing...
  • Script for SUS 1.0 problem released

    Hi everyone, Stephen Toulouse here. We've released the script to help address the SUS 1.0 issue Craig mentioned earlier to the download center. We've also updated the KB article that details the problem, click here to zoom straight to the section on the new script that is available. S. *This posting is provided "AS IS" with no warranties, and confers no rights.*
  • New Security Advisory for Possible Windows Vulnerability

    Hi everyone, Stephen Toulouse here. Just wanted to make everyone is aware that this evening the MSRC posted a security advisory regarding a possible vulnerability affecting the Graphics Rendering Engine in Windows. The MSRC has made some additional information and guidance available to customers which you can read more about here . S. *This posting is provided "AS IS" with no warranties, and confers no rights.*
  • A few thoughts on the WMF vulnerability

    Hi folks- this is Kevin Kean from the MSRC, writing what may just be my last MSRC blog entry for 2005. This morning we noticed that there are some people who are still looking for more information about the Windows Metafile (WMF) vulnerability that we issued a security advisory for on Wednesday. I thought it would be helpful to let you all know what we know about this and what we are doing to take care of it. Since earlier this week, my team has been hard at work investigating this vulnerability...
  • A few thoughts on the WMF vulnerability

    Hi folks- this is Kevin Kean from the MSRC, writing what may just be my last MSRC blog entry for 2005. This morning we noticed that there are some people who are still looking for more information about the Windows Metafile (WMF) vulnerability that we issued a security advisory for on Wednesday. I thought it would be helpful to let you all know what we know about this and what we are doing to take care of it. Since earlier this week, my team has been hard at work investigating this vulnerability...