Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (968272) . This advisory contains information regarding public reports of a vulnerability in Microsoft Office Excel that could allow for remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. We are developing a security update for Microsoft Office that addresses this vulnerability...

Hey everyone, This is Jerry Bryant, senior program manager on the security response communications team. We are already posting the Q&A from our monthly security bulletin webcasts here on the blog but if you attended our live webcast on Wednesday 2/11/2009, you may have heard Christopher Budd mention that we were recording the session and would be posting video as well. Our goal will be to post the recordings here each month. And, starting in March 2009, we will be streaming live video...

Hi, During this month’s webcast we were able to address 37 questions in the time allotted. Most of the questions asked involved MS09-002 (Internet Explorer), MS09-003 (Exchange Server) and MS09-004 (SQL Server). We only received a few questions regarding MS-09-005 (Visio). There were also a couple of questions regarding update deployment and attack vectors addressed. Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions: ...

There’s been a lot of activity today around the Conficker worm here at Microsoft and across the industry. I wanted to give everyone a quick, high-level overview on what’s been going on today. First, today we’re making public, the work we and many other industry and academic partners have been doing behind the scenes to help combat the Conficker worm. Second, we’ve provided additional information from our research to our Microsoft Active Protections Program (MAPP) partners and our Microsoft...

I wanted to follow up our recent Conficker post from last Friday where we posted new pages to consolidate our information on Conficker for enterprises and consumers . We’ve also made the easy-to-remember URL www.microsoft.com/conficker available that will take you directly to the Conficker page for enterprises . We’ve shared some additional information today with our Microsoft Active Protections Program (MAPP) partners and our Microsoft Security Response Alliance (MSRA) partners. We believe that...

Today we’re releasing four new security bulletins as part of our regular monthly release process. · MS09-002 rated Critical that addresses two code execution vulnerabilities in Internet Explorer. · MS09-003 rated Critical that addresses one code execution vulnerability and one denial of service vulnerability in Exchange Server. · MS09-004 rated Important that addresses one code execution vulnerability in SQL Server. · MS09-005 rated Important that addresses three code execution vulnerabilities...

Very briefly, I wanted to let everyone know that based on customer request, we’ve posted two new pages that provide information you can use to protect against and remove Conficker. These pages consolidate information that we have related to the Conficker incident and provide links to the other, more detailed resources like the Microsoft Malware Protection Center weblog and encyclopedia. The page located here is intended to help consumers and home users. The page located here is intended...

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Feb. 10, 2009 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of this month’s security bulletin release process, we will issue four security bulletins – two rated ‘Critical...