November, 2006

  • MS06-071 Available Through SUS 1.0

    Hello, This is Christopher Budd. I wanted to follow up our posting on the November 2006 Monthly Bulletin release to let folks know that MS06-071 has been made available for SUS 1.0. Those of you who are SUS 1.0 administrators should begin to see those updates show up for your approval. Thanks. Christopher *This posting is provided "AS IS" with no warranties, and confers no rights.*
  • Microsoft Security Advisory (928604) Posted

    Hello, This is Adrian Stone. I wanted to let you know that we just posted Microsoft Security Advisory (928604) . Microsoft is aware of public proof of concept code targeting the vulnerability addressed by security update MS06-070 . At this time Microsoft has not seen any indications of active exploitation of the vulnerability. We're tracking this issue through our Software Security Incident Response Process and there is information in the advisory with steps that customers can take to help...
  • November 2006 Monthly Security Bulletin Release

    Hey folks - Mike Reavey here. I wanted to let you know we’ve released our security bulletins for the month of November 2006 here today. We’re releasing six new security bulletins today: · Microsoft Windows ( MS06-066 ) · maximum severity rating of Important · vulnerabilities could allow an attacker to remotely take complete control of an affected system. · Microsoft Windows ( MS06-067 ) · maximum severity rating of Critical · vulnerabilities could allow an attacker to remotely...
  • Follow up information on weblog posting about PoC published for MS Office 2003 PowerPoint

    Hi everyone. Brian and Jonathan, software security engineers from the SWI team here. Alexandra Huft from the MSRC team asked us to write a guest blog entry giving an update into the technical investigation of the PowerPoint 2003 proof-of-concept code published a few weeks ago which was previously blogged about here ( http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx ). The short story is that this issue turned out to not be exploitable for remote...
  • November 2006 Advance Notification

    Hello, This is Christopher Budd, program manager here at the MSRC. It's the Thursday before the second Tuesday and so I wanted to go ahead and let people know that we've posted our Advance Notification for November 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on Nov. 14, 2006 at approximately 10:00 am PT we are slated to release six new security bulletins: One Microsoft Security Bulletin affecting Microsoft XML Core Services. The highest Maximum Severity rating for this...
  • Microsoft Security Advisory (927892) Posted

    Hello, Ben Richeson here. I wanted to let you know that we just posted Microsoft Security Advisory (927892) about our investigation of public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability. We're tracking this issue through our Software Security Incident Response Process and there is information in the advisory with steps that customers can...
  • Microsoft Security Advisory (927709) Posted

    Hello, Christopher Budd here. Very quickly, I wanted to let people know that we just posted Microsoft Security Advisory (927709) that talks about public proof of concept code published on an issue in the WMI Object Broker ActiveX control. We are aware of the possibility of limited attacks that are attempting to use the reported vulnerability. We're tracking this issue through our Software Security Incident Response Process and we have information in the advisory as far as steps customers can...