April, 2007

  • Latest on security update for Microsoft Security Advisory 935423

    Hello everyone, this is Christopher Budd. We have some new information tonight on the status of the security update that we’re working on that addresses the vulnerability in Windows Animated Cursor Handling. From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been...
  • MS07-017 Released

    Hello everyone, This is Christopher Budd. I wanted to follow up on my posting from Sunday night to let you know that we’ve released the security update, MS07-017, that addresses the vulnerability in Windows Animated Cursor Handling. As I noted on Sunday night, we originally planned to release the update on Tuesday, April 10, 2007 as part of our regular monthly release of security bulletins. We have been monitoring the situation throughout and our indications, and those of our MSRA partners...
  • An inside look into building and releasing MS07-017

    Hey Folks – this is Mike Reavey. We’re all glad that MS07-017 – the Security Bulletin that fixes the vulnerability in Animated Cursor Handling (CVE-2007-1215) – has been released, helping to block attacks on that vulnerability. While we released it within 5 days of being notified of attacks, we have received questions from customers about why it took us 3 months to develop and release the fix for this vulnerability. I wanted to provide some insight into the history of this vulnerability, and while...
  • April 2007 Advance Notification

    Hello everyone, This is Christopher Budd once again. I noted on Tuesday when discussing the release of MS07-017 that our out of band release was not cancelling our regularly scheduled April 2007 release. In that vein, as part of our regular release process, this being the Thursday before the second Tuesday, we’ve posted our Advance Notification like we always do. On next Tuesday April 10, 2007, at or around 10 AM Pacific Time, we’re planning to release: • Four Microsoft Security Bulletins...
  • Microsoft Knowledge Base Article 925902 Updated

    Hello this is Christopher Budd. Since MS07-017 was released out-of-band on Tuesday to protect customers from attacks exploiting the Windows Animated Cursor Handling vulnerability, we wanted to provide additional information regarding an update to the known issue Knowledge Base article with information that may impact customers. As I noted on Tuesday, our regular process is to document known issues in the Master Knowledge Base article referenced in the “Caveats” section of the security bulletin...
  • April 2007 Monthly Bulletin Release

    Hi Everyone! This is Tami Gallupe, with MSRC, and here is our update on the bulletins we released today. Today we released 5 bulletins: 4 have a maximum severity rating of Critical, and one has a maximum severity rating of Important. The bulletins are as follows: Microsoft Content Management Server (MS07-018) Maximum severity rating of Critical Could Allow Remote Code Execution Universal Plug and Play (MS07-019) Maximum severity rating of Critical Could...
  • Microsoft Security Advisory 935964 Posted

    Hey everyone this is Adrian Stone, I wanted to let people know that we have just posted Microsoft Security Advisory (935964). This advisory talks about a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service. Our investigation has shown that this affects Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Microsoft 2003 Service Pack 2. Because this is a server service, Windows 2000 Professional Service Pack 4, Windows XP Service Pack...
  • More information on Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. As Adrian noted last night, we posted Microsoft Security Advisory 935964 with information customers can use to protect themselves against the vulnerability in Windows DNS server. While we have no new information about the situation from last night, I did want to give some additional detail and clarification to customers. First, though, I want everyone to know that we are actively working around the clock on a security update to address this issue....
  • Situation update on Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. I wanted to give you a brief update with the latest information on the situation from our ongoing work over the weekend. Our teams are continuing their work to develop a security update to address this issue. Our ongoing monitoring of attacks in conjunction with our MSRA partners indicates that attacks are still limited. We are aware though of public disclosure of proof of concept code to exploit the vulnerability. We continue to urge customers to deploy...
  • Monday update on Microsoft Security Advisory 935964

    Hello everyone, this is Christopher Budd. I wanted very quickly to update you with some new, important, information that we have on this situation. Our ongoing monitoring in conjunction with our MSRA partners indicates that we are seeing a new attack that is attempting to exploit this vulnerability. At this time, the attack does not appear widespread. As part of our Software Security Incident Response Process (SSIRP), we continue to work through a variety of channels to encourage customers...