Hello, This is Christopher Budd. I wanted to follow up our posting on the November 2006 Monthly Bulletin release to let folks know that MS06-071 has been made available for SUS 1.0. Those of you who are SUS 1.0 administrators should begin to see those updates show up for your approval. Thanks. Christopher *This posting is provided "AS IS" with no warranties, and confers no rights.*

Hello, This is Adrian Stone. I wanted to let you know that we just posted Microsoft Security Advisory (928604) . Microsoft is aware of public proof of concept code targeting the vulnerability addressed by security update MS06-070 . At this time Microsoft has not seen any indications of active exploitation of the vulnerability. We're tracking this issue through our Software Security Incident Response Process and there is information in the advisory with steps that customers can take to help...

Hey folks - Mike Reavey here. I wanted to let you know we’ve released our security bulletins for the month of November 2006 here today. We’re releasing six new security bulletins today: · Microsoft Windows ( MS06-066 ) · maximum severity rating of Important · vulnerabilities could allow an attacker to remotely take complete control of an affected system. · Microsoft Windows ( MS06-067 ) · maximum severity rating of Critical · vulnerabilities could allow an attacker to remotely...

Hi everyone. Brian and Jonathan, software security engineers from the SWI team here. Alexandra Huft from the MSRC team asked us to write a guest blog entry giving an update into the technical investigation of the PowerPoint 2003 proof-of-concept code published a few weeks ago which was previously blogged about here ( http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx ). The short story is that this issue turned out to not be exploitable for remote...

Hello, This is Christopher Budd, program manager here at the MSRC. It's the Thursday before the second Tuesday and so I wanted to go ahead and let people know that we've posted our Advance Notification for November 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on Nov. 14, 2006 at approximately 10:00 am PT we are slated to release six new security bulletins: One Microsoft Security Bulletin affecting Microsoft XML Core Services. The highest Maximum Severity rating for this...

Hello, Ben Richeson here. I wanted to let you know that we just posted Microsoft Security Advisory (927892) about our investigation of public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability. We're tracking this issue through our Software Security Incident Response Process and there is information in the advisory with steps that customers can...

Hello, Christopher Budd here. Very quickly, I wanted to let people know that we just posted Microsoft Security Advisory (927709) that talks about public proof of concept code published on an issue in the WMI Object Broker ActiveX control. We are aware of the possibility of limited attacks that are attempting to use the reported vulnerability. We're tracking this issue through our Software Security Incident Response Process and we have information in the advisory as far as steps customers can...