Hi there this is Bill Sisk. There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information. To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. We have also determined that these attacks are in no...

April 2008 Monthly Bulletin Release I'm Simon, Release Manager in the MSRC. The April 2008 release contains 8 new bulletins, 5 of which have maximum severities of "Critical". MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032) MS08-020 Vulnerability in DNS Client Could Allow Spoofing (945553) MS08-021 Vulnerabilities in GDI Could Allow Remote Code Execution (948590...

Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (951306) . This advisory contains information regarding a new public report of a vulnerability within Microsoft Windows which allows for privilege escalation from authenticated user to LocalSystem. Our investigation has shown that this vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. At this time, we are not aware of attacks attempting to use the reported...

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, April 8, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of our regularly scheduled bulletin release, we’re currently planning to release: · Five Microsoft Security...