December, 2008

  • December 2008 Advanced Notification

    Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Dec. 9, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of our regularly scheduled bulletin release, we’re currently planning to release eight security bulletins: ...
  • December 2008 Monthly Bulletin Release

    Hi, This is Christopher Budd. I wanted to let you know that we’ve just released our security bulletins for December. The new bulletins for this month are: · MS08-070 : Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical” · MS08-071 : Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical” · MS08-072 : Vulnerabilities in Microsoft Office Word Could Allow Remote...
  • Microsoft Security Advisory 961051

    Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (961051) . This advisory contains information regarding new attacks against a new vulnerability in Internet Explorer. At this time, we are aware of limited attacks attempting to use the reported vulnerability, but we will continue to track this issue. The advisory contains workarounds that customers can use to help protect themselves. Upon completion of this investigation, Microsoft will...
  • Microsoft Security Advisory 961051 Updated

    Hello, This is Christopher Budd, We’ve just posted a revision to Microsoft Security Advisory (961051) with the latest information from our ongoing work around this issue. While the known attacks are only targeting Internet Explorer 7, we have found that the underlying vulnerability affects all currently supported versions of Internet Explorer. We have updated the advisory to include this information. We’ve also added additional workarounds to the advisory and updated our guidance to recommend...
  • Friday update for Microsoft Security Advisory 961051

    Hi this is Christopher Budd, I wanted to give you a quick update on a couple of new things today related to Microsoft Security Advisory 961051 . We’ve made another revision to the advisory today. Our research teams are working around the clock to help identify better, more effective workarounds to give customers more options to evaluate and we’ve updated the advisory with the latest information from their research. We’ve also posted some additional details and information on the Security...
  • Advance Notification for December 2008 Out-of-Band Release

    Hi this is Christopher Budd, We’ve just published our Advance Notification for an out-of-band security bulletin release. We plan to release the security update tomorrow, Dec. 17, 2008 to address the vulnerability we’ve discussed in Microsoft Security Advisory 961051 . Our target time, as always, is 10:00 a.m. Pacific Time. We’ll be holding two special webcasts to give you details and take your questions. · December 17, 2008 1:00 PM Pacific Time · December 18,2008 11:00 AM Pacific Time ...
  • MS08-078 Released

    Hello, Mike here, Today we released security update MS08-078 , protecting customers from active attacks against Internet Explorer. This update will be applied automatically to hundreds of millions of customers through automatic updates over the next few days. And, for our enterprise customers - with multiple systems within their networks – this update can be deployed through all standard security update management systems including, SCCM, SMS, WSUS, and Windows Update as of 10AM PST today. ...
  • Microsoft Security Advisory 961040

    Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (961040) . This advisory contains information regarding public reports of a vulnerability in SQL Server that could allow for remote code execution. We are aware that exploit code has been published on the Internet; however, we are not aware of any attacks attempting to use the reported vulnerability. To successfully exploit this vulnerability an attacker must be local, or remote, authenticated...
  • Tuesday 12/23 Update: Microsoft Security Advisory 961040

    Hello, Bill here, I want to provide you with a quick update regarding our recently released security advisory . In the advisory we provide a workaround to help customers protect themselves from attackers trying to exploit this vulnerability. Customers have told us that it ’ s helpful when we provide information and guidance on how to automate the deployment of workarounds, so we have taken this a step further and worked with the SQL Engineering Team to providing Enterprise and Business...
  • Questions about Vulnerability Claim in Windows Media Player

    Happy holidays to everyone. While it’s been a snowy holiday season for us in the Pacific Northwest (some of us are still snowed in), the MSRC never closes and we are always working to help keep customers safe. In that vein, we’ve received some questions about a vulnerability report that was initially posted late on Christmas eve. When we saw it we set our teams to work over the holidays to investigate it. They’ve wrapped up their investigation and since we’ve gotten questions on it, I wanted to...