January, 2007

  • Issue regarding Windows Vista Speech Recognition

    Hey everyone this is Adrian and I am writing to try and clear up some concerns regarding a recently reported vulnerability in the Speech Recognition feature of Windows Vista. An issue has been identified publicly where an attacker could use the speech recognition capability of Windows Vista to cause the system to take undesired actions. While it is technically possible, there are some things that should be considered when trying to determine what the threat of exposure is to your Windows Vista system...
  • Microsoft Security Advisory 932114 Posted

    Hey everyone this is Alexandra Huft, I wanted to let people know that we just posted Microsoft Security Advisory (932114) . This involves an issue that only affects Microsoft Word 2000. We’ve activated our Software Security Incident Response Process (SSIRP) and have some information we can share from the investigation so far. We are currently investigating a report of a posting of proof of concept code which could allow an attacker to execute code on a user’s machine in their security context...
  • January 2007 Advance Notification

    Hello, Happy New Year everyone. This is Christopher Budd and it’s the Thursday before the Second Tuesday of January 2007. As we do each month at this time, we’ve posted our Advance Notification for the upcoming security bulletin release. Next Tuesday, on January 9, 2007 at approximately 10:00 am PT we are slated to release: One Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for this is Critical. This update will be detectable using the...
  • Re-release of MS07-002 for Excel 2000

    Hello, this is Christopher Budd. Very quickly, I wanted to let you know that we've just re-released MS07-002 for Excel 2000 only. The original version released on January 9, 2007 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update did not correctly process the phonetic information that is embedded in files that are created by using Excel in the Korean, Chinese, or Japanese executable mode. If you're not running...
  • SUS 1.0 Information around Tuesday's Release

    Hello, This is Christopher Budd. We've gotten some questions from SUS 1.0 customers about yesterday's release that I wanted to take a moment and address. Due to The last minute changes in the release that we updated you on last Friday, there is a delay in the updates for SUS 1.0 customers. This does not affect WSUS, it was updated yesterday on schedule as part of the release. At this time, we expect that the updates will be released through SUS 1.0 in the morning (Pacific Time)...
  • January 2007 Monthly Security Bulletin Release

    Hello, this is Christopher Budd I wanted to let you know that as part of our standard monthly bulletin release process we’ve released our security bulletins for January 2007. · Microsoft Office ( MS07-001 ) · maximum severity rating of Important · vulnerabilities could allow an attacker to run code in the context of the logged on user. · Microsoft Office ( MS07-002 ) · maximum severity rating of Critical · vulnerabilities could allow an attacker to run code in the context...