Customers have heard us say over the years that the threat environment is an ever-evolving one. That means that one of our jobs in working to keep customers safe is to continually monitor the threat environment and make changes to adapt to it. Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable...

Hi, During this month’s webcast we were able to address 15 questions in the time allotted, but have included the additional questions asked in this QA post. Most of the questions centered on the MS09-013 : the Windows HTTP bulletin, MS09-014 : Internet Explorer Bulletin, and MS08-015 , the Blended Threat bulletin. We did address additional questions regarding the other bulletins, as well as, questions concerning Product Support Lifecycle. Here is the link to the full Q&A so you can see...

Hello again, This is Jerry Bryant letting you know that we have published the security bulletin webcast video. As you know, on Tuesday, we published a quick overview of the 8 bulletins we released on that day. Yesterday we conducted a live, public webcast, where we went in to more detail on each bulletin. The recording from that webcast is embedded below. Usually we include the questions and answers portion along with this but this month we will point you to the transcript which should be published...

April is here and is turning out to be a typical, busy month, if one can call it that. In general, when we have a large release, the number of updates ranges from 7-12. With this in mind, we released eight security updates this month: 5 rated as Critical, 2 rated as Important, and one rated as Moderate. MS09-009 This bulletin addresses two remote code execution vulnerabilities in Microsoft Excel. An attacker could exploit the vulnerability by sending a user a malformed Microsoft Excel...

Hello everyone, As you can see from the April 2009 release summary, we addressed the Token Kidnapping issue with bulletin MS09-012 . This issue allowed an attacker to gain full control of a server if the attacker can first run malicious code on the server as a lesser privileged user. This issue was originally presented by Cesar Cerrudo in March of 2008 at Hack in the Box (Dubai) 2008 . In April of 2008, we released an advisory to inform customers of actions they could take to protect...

Hi Everyone, Jerry Bryant again. Here is the overview video for the April 2009 bulletins. Please join us tomorrow at 11:00 am PDT (UTC –7) for our bulletin webcast where we will cover this months updates in more detail and try to answer all of your bulletin related questions. More viewing options: Windows Media Video (WMV) Windows Media Audio (WMA) Large Preview Image (PNG) Small Preview Image (PNG) iPod Video (MP4) MP3 Audio Streaming WMV (512kbps) High Quality WMV (2.5 Mbps) Zune Video (WMV) Thanks...

We’ve seen some activity in the Conficker space in the past two days and this has caused some questions from customers. Specifically, there have been reports of two possible new variants of Conficker . Our colleagues over at the Microsoft Malware Protection Center (MMPC) have done a thorough analysis of both of these and have determined that there’s really only one new variant, which they’re calling Conficker.E . Most importantly, the signatures that protect against Conficker.A are also effective...

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release, scheduled for Tuesday, April 14, 2009 around 10 a.m. Pacific Daylight Time. This should help you plan for your deployment process for next week and address these vulnerabilities to protect your computing environments. As part of this month’s security bulletin release process, we will issue eight security bulletins – five rated ‘Critical,’ two rated ‘Important,’ and one rated...

Hello, Bill here, Today is the release of the Microsoft Security Intelligence Report volume 6. The report can be found here: http://www.microsoft.com/sir . A section in the report is devoted to out-of-band (OOB) releases. So, I thought I would blog a bit about these types of releases in the broader context of update management. Security update management is a security discipline in itself. It is a fundamental security pillar in the security protection landscape. It is comprised...

Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (969136) . This advisory contains information regarding public reports of a vulnerability in Microsoft Office PowerPoint that could allow for remote code execution if a user opens a specially crafted PowerPoint file. At this time, we are aware only of limited and targe ted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your...