February, 2009

  • Microsoft Security Advisory 968272

    Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (968272) . This advisory contains information regarding public reports of a vulnerability in Microsoft Office Excel that could allow for remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. We are developing a security update for Microsoft Office that addresses this vulnerability...
  • February 2009 Security Bulletin Webcast Videos

    Hey everyone, This is Jerry Bryant, senior program manager on the security response communications team. We are already posting the Q&A from our monthly security bulletin webcasts here on the blog but if you attended our live webcast on Wednesday 2/11/2009, you may have heard Christopher Budd mention that we were recording the session and would be posting video as well. Our goal will be to post the recordings here each month. And, starting in March 2009, we will be streaming live video...
  • Security Bulletin Webcast Questions and Answers - February 2009

    Hi, During this month’s webcast we were able to address 37 questions in the time allotted. Most of the questions asked involved MS09-002 (Internet Explorer), MS09-003 (Exchange Server) and MS09-004 (SQL Server). We only received a few questions regarding MS-09-005 (Visio). There were also a couple of questions regarding update deployment and attack vectors addressed. Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions: ...
  • Monthly Security Bulletin Webcast Q&A - February 2009

    Register now for the March 2009 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Sr. Security Program Manager Lead (MSRC) Website: TechNet/security Chat Topic: February 2009 Security Bulletin Date: Wednesday, February 11, 2009 Q: Why are there no updates for Internet Explorer versions prior to Internet Explorer 7? A: The vulnerabilities addressed in MS09-002 are not applicable...
  • Conficker Activity Update

    There’s been a lot of activity today around the Conficker worm here at Microsoft and across the industry. I wanted to give everyone a quick, high-level overview on what’s been going on today. First, today we’re making public, the work we and many other industry and academic partners have been doing behind the scenes to help combat the Conficker worm. Second, we’ve provided additional information from our research to our Microsoft Active Protections Program (MAPP) partners and our Microsoft...
  • Conficker Domain Information

    I wanted to follow up our recent Conficker post from last Friday where we posted new pages to consolidate our information on Conficker for enterprises and consumers . We’ve also made the easy-to-remember URL www.microsoft.com/conficker available that will take you directly to the Conficker page for enterprises . We’ve shared some additional information today with our Microsoft Active Protections Program (MAPP) partners and our Microsoft Security Response Alliance (MSRA) partners. We believe that...
  • February 2009 Monthly Bulletin Release

    Today we’re releasing four new security bulletins as part of our regular monthly release process. · MS09-002 rated Critical that addresses two code execution vulnerabilities in Internet Explorer. · MS09-003 rated Critical that addresses one code execution vulnerability and one denial of service vulnerability in Exchange Server. · MS09-004 rated Important that addresses one code execution vulnerability in SQL Server. · MS09-005 rated Important that addresses three code execution vulnerabilities...
  • New Information Pages on Conficker

    Very briefly, I wanted to let everyone know that based on customer request, we’ve posted two new pages that provide information you can use to protect against and remove Conficker. These pages consolidate information that we have related to the Conficker incident and provide links to the other, more detailed resources like the Microsoft Malware Protection Center weblog and encyclopedia. The page located here is intended to help consumers and home users. The page located here is intended...
  • February 2009 Advanced Notification

    Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Feb. 10, 2009 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of this month’s security bulletin release process, we will issue four security bulletins – two rated ‘Critical...