June, 2006

  • Reports of a new vulnerability in Microsoft Excel

    Hi everyone, Mike Reavey here. We've received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel. Here's what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker. (note that opening it out of email will prompt you to be careful about opening the attachment) So remember to be very careful opening unsolicited...
  • Windows 98, 98SE and ME: Information about Support Lifecycle and MS06-015

    Christopher Budd here again. I wanted to take a moment and mention a couple of things related to security updates and Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). First, support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Me) ends on July 11, 2006 , which is the July 2006 Monthly Bulletin Release date. This means Microsoft will end public and technical support on July 11, 2006. This also includes...
  • Information on Proof of Concept posting about hlink.dll

    Hi everyone Christopher Budd here. I wanted to give you some information about the recent posting of proof of concept PERL script that claims to demonstrate a vulnerability in Excel's processing of long links. As soon as we received these reports we immediately began an investigation into the posting. I wanted to let you know information we have based on that investigation. First, I want to be clear that this proof of concept code and not an attack. We’re not aware of any attacks based on this...
  • An update on recent public issues

    We've had several questions regarding some recent issues that have affected Microsoft Excel over the last week. So, I thought I'd take a minute to review each, what the security impact could be for each issue, and what we're doing to resolve the issues. We’re currently investigating three issues that have mentioned Microsoft Excel. The first one involves a vulnerability in Microsoft Excel itself. This issue has been assigned vulnerability identifier CVE-2006-3059. (The vulnerability identifiers...
  • Microsoft presenting at the Black Hat security conference in Las Vegas

    Hi everyone, Stephen Toulouse here. As you probably know, all throughout the year we attend various security researcher conferences all over the world. One of the biggest and the best is the Black Hat security conference in Las Vegas. And of course the MSRC, as well as a number of other Microsoft teams, will be down there this August. But that’s not the cool part. The cool part is that we will be the first software vendor to present an entire Black Hat Briefing track on a pre-release product,...
  • Information on a publicly disclosed Windows vulnerability.

    Adrian here again. Just wanted to post real quickly to let you know we’re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we’re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we’re investigating. What we know at the moment is that the vulnerability can be attacked through Internet Explorer and requires user interaction on the page before the attack can occur. As always...
  • Update on Microsoft Excel Vulnerability

    Hey everyone, Mike Reavey here again. We’re headed into the weekend and I wanted to check in and provide you with some more information about the Excel issue we are investigating. As of right now it’s still just a single customer impacted. But I want to reiterate that all of our various protection tools detect this malware and remove it. The MSRC, together with the SWI team, have identified some workarounds that help stop the attack. However we’re concerned that they might have an impact to...
  • Checking in on this month's release.

    Hi everyone. Stephen Toulouse here. As we do every month, after release the Customer Support Service Group, the MSRC, and the affected product groups all monitor uptake of the updates and keep a sharp eye out for any issues that might be causing problems. There were 12 updates this month and of course we’ve been watching closely for signs of problems. So far there’ve been no issues with a vast majority of the updates, but one issue we are tracking has to do with MS06-025, very specifically related...
  • Exploit code posted on the recent vulnerability addressed by MS06-025

    Hi everyone, Stephen Toulouse here. We've see that detailed exploit code has been published on the Internet for the vulnerability addressed by Microsoft security bulletin MS06-025. So per the usual when something like this happens so quickly after release we wanted to highlight that fact, and let you know that we're not currently aware of any active attacks utilizing this exploit code at this time. But the MSRC is monitoring this situation to keep customers informed and to provide customer guidance...
  • Information about Updated MS06-025

    Hey everyone, this is Adrian Stone here and up until recently I was the newest member of the MSRC. I wanted to use my first post to let everyone know that we have updated MS06-025 complete with updated binaries for the affected platforms. As many of you may know, there were some issues identified after the initial release affecting some users who required the use of legacy dial-up connections that use a terminal window, or dial-up scripting, or used scripts to change device configuration parameters...