We’ve just released Microsoft Security Advisory 971778 today. This discusses a new vulnerability in Microsoft DirectShow affecting Windows 2000, Windows XP and Windows Server 2003 that is under limited attack. The advisory outlines information about the vulnerability and steps customers can take to protect themselves while we’re working on a security update to address the issue. Our investigation has shown that the vulnerable code was removed as part of our work building Windows Vista. This...

I wanted to let you know that we have just posted Microsoft Security Advisory (971492) . This advisory contains information regarding public reports of a vulnerability in Microsoft Internet Information Services (IIS) that could allow Elevation of Privilege . Products affected are IIS 5.0, IIS 5.1, and IIS 6.0. The advisory contains guidance and workarounds that customers can use to help protect themselves. We will continue to monitor the situation and post updates to the advisory and the MSRC...

In the May 2009 security bulletin webcast, we addressed several questions relating to MS09-017 in addition to questions about WSUS and MBSA. For those questions that came in after we concluded the webcast, we have provided answers in the published Q&A which you can find here: http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-May-2009.aspx Also, here is the link to the Q&A index page in case you want to view previous months: http://blogs.technet.com/msrc/pages/microsoft...

Summary of Microsoft’s monthly security bulletin release for May 2009. Today we released one security bulletin, MS09-017 , affecting our PowerPoint products. This update addresses several vulnerabilities including the issue described in Microsoft Security Advisory 969136 . In that advisory, we noted that we were aware of limited, targeted attacks. The security of our customers is important to us and due to these active attacks, we have released the updates for one product line (all versions of Microsoft...

Summary of the May 2009 Advance Notification for the 5/12/2009 security bulletin release. Today we are letting customers know that next week we will be releasing one security bulletin affecting Microsoft Office PowerPoint with an aggregate severity rating of critical. Customers should review the Advance Notification and prepare appropriately for deployment. The update should not require a restart unless the updated files are in use at the time they are installed. Customers can also detect systems...