July, 2008

  • MSRC Blog: Microsoft Security Advisory 953635

    Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (953635). This advisory contains information regarding a new public report of a possible vulnerability within Microsoft Office Word which could allow for remote code execution. Our investigation thus far has shown that this vulnerability affects Microsoft Office Word 2002 Service Pack 3 only. At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability,...
  • Microsoft Security Bulletin Webcast Q&A - Index Page

    Below is an index of the Question & Answers from our monthly security bulletin webcast. To find the registration link for the next webcast, please visit the following link: http://www.microsoft.com/technet/security/current.aspx . To view previous webcasts On-Demand, please visit this link: http://www.microsoft.com/events/security/ondemand.mspx Index: October 2010 - http://blogs.technet.com/b/msrc/p/october-2010-security-bulletin-q-a.aspx September 2010 - http...
  • Snapshot Viewer ActiveX Control Vulnerability

    Hi. Bill here. I want to let you know that we have just posted Microsoft Security Advisory 955179 , which contains information regarding active, targeted attacks using a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access. The Snapshot Viewer enables you to view a report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access...
  • Revision for MS08-037

    Hello, This is Christopher Budd. I wanted to take a moment and let you know about a revision that we’ve made to MS08-037 today. After the release of MS08-037 , we became aware of reports of ZoneAlarm customers experiencing issues after applying the security updates. We started investigating these reports as soon as we heard about them and have been working to research this issue. We’re still working on this issue but we do have some information from our investigation so far, which we’ve put...
  • UPDATE: July 2008 Bulletin Monthly Release - SQL update detection issue

    Hi, Simon here again – I just wanted to follow up on the SQL update detection issue I mentioned below. We’ve released updated WU/MU detection and an updated WSUS catalog to resolve this issue. Cheers, Simon Release Manager, MSRC July 2008 Monthly Bulletin Release I'm Simon, Release Manager in the MSRC. The July 2008 release contains 4 new bulletins, all with maximum severities of "Important". MS08-037 Vulnerabilities in DNS Could Allow Spoofing (953230) MS08...
  • Microsoft Security Bulletin Webcast Q&A - July 2008

    Hosts: Mike Reavey, Group Security Program Manager Adrian Stone, Microsoft Security Response Center (MSRC) Website: TechNet/security Topic: Information about Microsoft Security Bulletins Date: Wednesday, July 9, 2008 Q: Why was CVE-2008-0951(Windows Vista not properly enforce the NoDriveTypeAutoRun registry value) not listed as a fixed vulnerability in the bulletin for MS08-038? The notice was embedded within the Bulletin FAQ and has been overlooked by many people. A: The vuln addressed...
  • July 2008 Advance Notification

    Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, July 8, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of our regularly scheduled bulletin release, we’re currently planning to release: · Four Microsoft Security...
  • Security Bulletin Webcast Questions & Answers

    Hey everyone, This is Jerry Bryant. I am the Business, Operations & Communications Manager on the Security Response Communications team. I am writing to let you know about a new process we are implementing regarding the questions and answers from our monthly security bulletin webcast. Attendee’s to the webcast ask a lot of great questions concerning the security updates we just released and we have many subject matter experts (SME’s) on hand to answer them. In order for the broader community...
  • Increased Threat for DNS Spoofing Vulnerability

    Hi. Bill here. Today we released Microsoft Security Advisory (956187) to warn you of public exploit code available for Microsoft Security Bulletin MS08-037 (Vulnerabilities in DNS Could Allow Spoofing (953230). We have investigated the public exploit code and have determined that customers who have installed Microsoft Security Bulletin MS08-037 are not affected. As you may recall, MS08-037 was released in coordination with other DNS vendors across the industry that were also impacted...
  • Update 2: Microsoft Security Advisory (954960)

    Hi. Bill here. I want to let you know that customers running Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 may experience an issue installing the update provided in Microsoft Knowledge Base Article 954960 . The update does not correctly elevate privileges, which are required for the installation to complete. In order to successfully install this update we have identified steps in Advisory 954960. Additionally, the update does not place an entry in Add or Remove...