August, 2006

  • Monday Update on Graweg

    So I am back to give what I hope is the last update on the recent MS06-040 exploit. By the way, this is Adrian Stone again. As many of you know from the recent posts and recent Advisory publication, we have been working all weekend to stay on top of the Win32/Graweg issue, so I thought it would be a good idea to update you with the current status as various enterprises and organizations around the world have come online. We have been seeing activity related to Graweg taper off. From our analysis...
  • Update about MS06-042 and IE 6.0 SP1

    Hey folks - Mike Reavey here, we've made an update to MS06-042 to let customers know of an issue they might see after applying the update to Internet Explorer 6 Service Pack 1 systems. The issue is limited to IE6SP1 only, and then only when visiting a website that uses HTTP 1.1 and compression. Since MS06-042 resolves a number of security vulnerabilities we recommend customers continue to deploy the update, but we do plan to revise *only* the IE6SP1 update and re-release the bulletin with more information...
  • Today's postponed re-release of MS06-042, and posting of a Security Advisory

    Hi everyone, Stephen Toulouse here. We wanted to provide you with information about the MS06-042 re-release that was scheduled to occur today. As posted on August 15th, we noted we would be re-releasing MS06-042 today to address a crashing issue that could occur if you are using HTTP 1.1 in combination with Internet Explorer 6.0 SP1. Late last night we discovered an issue that led us to the difficult but necessary decision to not release this update today. Providing the update in its current state...
  • MS06-040 attack information

    Stepto here. It’s a late, late Saturday night. We’ve been made aware of a recent SANS Internet Storm Center diary post several hours ago regarding an active exploit on MS06-040. We wanted to let you know what we’ve been doing about the situation and what we know. Our AV teams have labeled this Win32/Graweg.A and Win32/Graweg.B and have added detection to http://safety.live.com already as well as our various other offerings such as Windows OneCare. So far, this appears to be an extremely targeted...
  • MS06-042 Re-released

    Hey folks - Mike Reavey here, I wanted to follow up on our Security Advisory we released on Tuesday about the re-release of MS06-042 for IE 6.0 SP1 customers. We've resolved the issues that delayed the re-release and have released the revised update. The revised update fully resolves the security vulnerability we discussed in the Advisory. We also have resolved the issues that we discovered prior to the planned release on Tuesday. We are now urging IE 6.0 SP1 customers to go ahead and deploy...
  • August 2006 Security Update Release

    Hey everyone - Adrian Stone here again, stepping in for Craig Gehre to provide a quick overview of the security updates we've released today. The full list of the updates released today is below, and, as always, additional information on the specific vulnerabilities resolved with this release is included within each security bulletin. While we always recommend applying any updates rated "Critical" as soon as possible, we are recommending that customers give priority to MS06-040 for testing and...
  • Power Point Zero Day? No.

    Hi, Scott here from the MSRC operations team. I just wanted to drop a few lines to clarify the recent buzz/activity on a PowerPoint zero day that occurred over the weekend. Our investigation has proven thus far that customers who are up to date with Office security updates are NOT affected. Meaning this is NOT a zero day. Malware in the malicious .ppt leverages a previously fixed vulnerability in Microsoft Office to drop the payload. To be attacked and become infected requires a user to...
  • Advisory with Information on Exploit Code for MS06-040

    Hey folks - Mike Reavey here, providing you with a quick update on MS06-040. This morning we released Security Advisory 922437 because we're aware of exploit code that has been published on the Internet for the vulnerability that is addressed by Microsoft security bulletin MS06-040. We've verified that this exploit code can allow remote code to execute on Windows 2000 and Windows XP Service Pack 1 only. In its current state, this code does not affect Windows XP Service Pack 2, Windows Server 2003...
  • August 2006 Microsoft Monthly Bulletin Release: Day Two Update

    Hi, Christopher Budd here. We're into the second day of our August 2006 release and I wanted to check back and let folks know how things are going with this release. It's been about 30 hours since we posted the security updates and I'm happy to be able to say we've had well over 100 million downloads of the update for MS06-040 (that's nearly 3.5 million per hour!!). So our thanks to everyone for working hard and helping us get this out to protect their systems. We're also seeing...
  • An update on Win32/Graweg

    Hey everyone, it’s Adrian. Wanted to drop in and let you know where we are in our investigation of Win32/Graweg. As I’m sure you’ve seen by now on our AV partner sites, this is rated as a low threat and doesn’t at this time replicate automatically from machine to machine. So its impact in terms of infection base appears to be extremely small. We’ve updated the security advisory related to MS06-040. What we know right now is that the attack affects specifically Windows 2000 computers who have not...