9 Jan 2006

  • Looking at the WMF issue, how did it get there?

    Hi everyone, Stephen Toulouse here. Now that the monthly release has passed and people are deploying the updates I wanted to take a moment to discuss some things related to questions we’ve been receiving on the recent WMF issue. (Which was addressed in MS06-001). One question we’ve gotten is about SetAbortProc , the function that allows printing jobs to be cancelled. (The link is to the public documentation of the function) Specifically people are wondering about how the vulnerability was present...
  • Information on new WMF Posting

    Lennart Wistrand here. I wanted to write a few lines about the public post made over the weekend about a new specially crafted WMF image that could potentially cause the application using the Windows Graphics Rendering Engine to crash. As it turns out, these crashes are not exploitable but are instead Windows performance issues that could cause some WMF applications to unexpectedly exit. These issues do not allow an attacker to run code or crash the operating system. They may cause the WMF application...
  • Trivia: security@microsoft.com and Windows development

    Why is security@microsoft.com an auto-responder and not a redirect to secure@microsoft.com? Well, security@microsoft.com is the Microsoft internal physical security alias, and has been since we started using email. As I am sure you can imagine, the amount of email we get at that alias that is external is quite a lot. Thus the autoresponder instead of a human filter which informs you that secure@microsoft.com is the appropriate alias to report security vulnerabilities (and points to other security...
  • Security updates available on ISO-9660 image files

    I wanted to let you know about a new offering that those of you enterprise customers that download multiple security updates in multiple languages might find useful. Starting with the January 2006 release, each month we're making security and high-priority non-security updates that are available on Windows Update also available on an ISO-9660 CD image. This has items available from Windows Update only, so this means that you won't find updates for things like Office or Exchange. This isn't intended...
  • MU and WSUS Information about Today's Bulletin Release

    Hey folks – Mike Reavey here stepping in for Craig as he continues to work through some last minute issues on this Tuesday’s release. Today we’ve released two Security Bulletins. The first one, MS06-002 resolves a vulnerability in Font processing in Windows and is rated Critical. The second bulletin, MS06-003 is also rated Critical, and applies to Office and Exchange customers, and resolves an issue in Transport Neutral Encapsulation (TNEF). We’re actively working through a delay on getting the MS06...
  • Two new security advisories posted

    Hi folks, Mike Reavey here. Just wanted to point out two new security advisories that we posted late last night. The first is related to a WMF vulnerability in older versions of Internet Explorer. This is different from the issue addressed by MS06-001 and only impacts older versions of Internet Explorer – if you’re using IE6SP1 or later, you’re protected from this issue. The second is related to a research paper regarding default services behavior that has already been addressed in Windows XP...
  • Win32/MyWife.E

    Hi everyone, just wanted to quickly point out that the Anti-malware team has posted a short note on the Win32/Mywife.E mass mailer worm. Pretty much all current AV protects against this worm, so running updated anti-virus is an important thing to do. In addition Windows OneCare members are also protected. The worm doesn't exploit a vulnerability, and requires user interaction. There's more over at the anti-malware blog . S. *This posting is provided "AS IS" with no warranties, and confers no...
  • Security Advisory posted: Win32/MyWife.E

    Just as a followup to our last post, this evening we have posted a security advisory detailing what you can do to protect yourself from the Win32/MyWife.E worm (hint, don't open attachments!) as well as additional info on how to get cleaned from it if you have been infected ( hint, we recommend using the Windows Live Safety Center Beta at http://safety.live.com ). The Antimalware team has also blogged on this as well. Here's the advisory: http://www.microsoft.com/technet/security/advisory/904420...