May, 2006

  • Reports of a new vulnerability in Microsoft Word

    Hi everyone, Stephen Toulouse here. We've been made aware of a new vulnerability in Microsoft Word XP and Word 2003. Customers using the Word viewer to view documents are not impacted. Yesterday we recieved a report that a customer had been subjected to a very targeted attack using this vulnerability. Here's what we know: In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. (note that opening...
  • A quick check-in on the Word vulnerability

    Hi everyone, Stephen Toulouse here again. I wanted to catch you up on where we’re at with our investigation of the Word vulnerability. First off on the vulnerability itself: I want to reiterate we’re hard at work on an update. The attack vector here is Word documents attached to an email or otherwise delivered to a user’s computer. The user would have to open it first for anything to happen. That information isn’t meant to say the issue isn’t serious, it’s just meant to clearly denote the scope...
  • Detection Changes for MS06-020 on WU/MU/AU and Text Corrections for MS06-019 for WSUS/SMS

    This is Craig Gehre and there are two things I wanted to let you know about. Some of you may have been getting install errors on the Flash update, MS06-020, we released on Tuesday. You would have seen these install failure errors on Windows Update, Microsoft Update, or on your system via Automatic Update. There is nothing wrong with the update itself. What was happening is that we were offering the update to newer versions of Flash, which did not need the update, in addition to the systems that did...
  • Incorrect reports of a new Windows 2000 SMB vulnerability

    Hey everyone. Stephen Toulouse here. There has been a bit of a flurry of activity here in Redmond this morning when we noticed a couple of people releasing information about an SMB vulnerability in Windows 2000. We just want to let everyone know that we've investigated this claim and found the vulnerability being discussed is fixed by MS05-011, a security update released almost 16 months ago. We contacted our partners on this and made sure they understood this is not new. What *is* new is that...
  • Advisory posted on the recent Word vulnerability.

    Hi everyone, Stephen Toulouse here again. Just wanted to make you aware that we have reached the point in our investigation of the limited attacks trying to use the Word vulnerability that provided us with enough information to develop some stronger workarounds and mitigations. We've posted all that into a new security advisory: http://www.microsoft.com/technet/security/advisory/919637.mspx Just to reiterate, this information is of course just a place holder while we are working on the update...
  • May 2006 Bulletin Release

    Say heh? I have to be honest. I’ve been in the MSRC now for a while, seen a lot of “interesting” things happen around here and it is a bit of a trip to look at our list of bulletins we shipped today and see the words Flash, Adobe, and Macromedia in the titles. Different to say the least. Anyways, below are links to the bulletins we release today. Fairly light release and the detection/deployment story is fairly smooth. Microsoft Update and WSUS will offer you everything we released this month...
  • New Article: Ten Principles of Microsoft Patch Management

    Hello, This is Christopher Budd. I wanted to take a moment and let folks know that this month's IT Pro Security newsletter has an article that I hope will be helpful for those of you who manage security updates. It's called Ten Principles of Microsoft Patch Management and in it I try o outline not so much the "how" of patch management but rather more of the "why" behind what we do. Over the years, I've found many questions that customers have around bulletins and security updates are best...
  • May 2006 Advance Notification

    Good afternoon, This is Christopher Budd. I wanted to take a moment and let you know that we've posted our regular Monthly Advanced Notification for the upcoming bulletin release. As a reminder, this month, our regularly scheduled monthly bulletin release is slated for Tuesday, 9 May 2006 with a target time of 10 AM Pacific Time. A quick reminder too that 10 AM is a target time and not a hard and fast deadline. This month, we are planning 3 bulletins. One for Microsoft Exchange and two for...