June, 2006

  • A minor revision to the Word Vulnerability advisory

    Hi everyone. It's Stephen Toulouse again. We’re of course still hard at work on an update for the Word vulnerability. All indications still point to this being a very limited, targeted attack but we're still spending a lot of time thinking about how customers can protect themselves from this vulnerability. Today we've made a couple of minor changes to the advisory we posted on this issue to provide more clarity on the workarounds. Here's the link to the advisory: http://www.microsoft.com/technet...
  • June 2006 Advance Notification

    This is Christopher Budd. I wanted to take a moment from my preparations for TechEd next week to let you know that we made our regular advance notification for the upcoming monthly security bulletin release next week: At approximately 10:00 am PT next Tuesday, June 13th 2006, we are planning to release a total of twelve security bulletins. The breakdown of these are: · Nine security bulletins for Microsoft Windows, the highest maximum severity rating for these is “critical.” · One security...
  • Windows 98, 98SE and ME: Information about Support Lifecycle and MS06-015

    Christopher Budd here again. I wanted to take a moment and mention a couple of things related to security updates and Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). First, support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Me) ends on July 11, 2006 , which is the July 2006 Monthly Bulletin Release date. This means Microsoft will end public and technical support on July 11, 2006. This also includes...
  • Microsoft presenting at the Black Hat security conference in Las Vegas

    Hi everyone, Stephen Toulouse here. As you probably know, all throughout the year we attend various security researcher conferences all over the world. One of the biggest and the best is the Black Hat security conference in Las Vegas. And of course the MSRC, as well as a number of other Microsoft teams, will be down there this August. But that’s not the cool part. The cool part is that we will be the first software vendor to present an entire Black Hat Briefing track on a pre-release product,...
  • Hello from TechEd 2006

    Hello, this is Christopher Budd. I’m here this evening at TechEd 2006 . This year, TechEd is in Boston , Massachusetts at the Boston Convention Center . (If you want to see where we are using the new Windows Live Local, you can see a view of it here ). I’m sure you know from our RSA postings that we love the chance to get out and meet and talk with customers. And at TechEd, in addition to that we’ve got some really great sessions planned. So, I wanted to take a few minutes and let you know...
  • June 2006 security update release.

    Hi everyone, Craig Gehre here. It was tempting to make some sort of Cheaper by the Dozen reference or perhaps quote something from The Dirty Dozen, but I feel it would have been a bit obvious. I’ll just keep my comments short so you can get on to more exciting things like reading the below bulletins. For those of you running something in the x64 family, make sure you read up on the advisory 914784 that we released today. MS06-011 applies to Microsoft Windows and is rated important. MS06...
  • Reports of a new vulnerability in Microsoft Excel

    Hi everyone, Mike Reavey here. We've received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel. Here's what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker. (note that opening it out of email will prompt you to be careful about opening the attachment) So remember to be very careful opening unsolicited...
  • Update on Microsoft Excel Vulnerability

    Hey everyone, Mike Reavey here again. We’re headed into the weekend and I wanted to check in and provide you with some more information about the Excel issue we are investigating. As of right now it’s still just a single customer impacted. But I want to reiterate that all of our various protection tools detect this malware and remove it. The MSRC, together with the SWI team, have identified some workarounds that help stop the attack. However we’re concerned that they might have an impact to...
  • Checking in on this month's release.

    Hi everyone. Stephen Toulouse here. As we do every month, after release the Customer Support Service Group, the MSRC, and the affected product groups all monitor uptake of the updates and keep a sharp eye out for any issues that might be causing problems. There were 12 updates this month and of course we’ve been watching closely for signs of problems. So far there’ve been no issues with a vast majority of the updates, but one issue we are tracking has to do with MS06-025, very specifically related...
  • Security Advisory posted on the Microsoft Excel Vulnerability

    Hi everyone, Mike Reavey here. Just wanted to let you know we have posted our mitigations and workarounds researched throughout the weekend in the for of a security advisory. It can be found here: http://www.microsoft.com/technet/security/advisory/921365.mspx -Mike *This posting is provided "AS IS" with no warranties, and confers no rights.*