March, 2010

  • Internet Explorer Cumulative Update Releasing Out-of-Band

    Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing security update MS10-018 tomorrow, March 30, 2010, at approximately10:00 a.m. PDT (UTC-8). MS10-018 resolves Security Advisory 981374 , addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory and we continue to encourage all customers to upgrade to this version to benefit from the...
  • Security Bulletin MS10-018 Released

    Hi everyone, Today we released MS10-018 out-of-band due to increases in attacks against Internet Explorer 6 and Internet Explorer 7 using the vulnerability discussed in Security Advisory 981374 . I want to reiterate that Internet Explorer 8 is not affected by this issue so customers using this version are not affected by these attacks and we continue to encourage customers to upgrade to the newer version because it provides more security and protection. MS10-018 is a typical cumulative update for...
  • Update: MS10-015 security update re-released with new detection logic

    Hi, I am writing to let you know that we have revised the installation packages for MS10-015 with new logic that prevents the security update from being installed on systems if certain abnormal conditions exist. Such conditions could be the result of an infection with a computer virus such as the Alureon rootkit . If these conditions are detected, the update will not be installed and the result will be a standard Windows Update error. If a user receives this error, they should go to the following...
  • Update on Security Advisory 981374

    Hi everyone, I’m writing to let you know that we have updated Security Advisory 981374 with new workaround information. We are aware that exploit code has been made public for this issue. As with our last update, Internet Explorer 8 remains unaffected by the vulnerability addressed in the advisory and we continue to encourage all customers to upgrade to this version. On Wednesday we added a workaround to the advisory that helps to mitigate the vulnerability by disabling the peer factory class...
  • Security Advisory 981374 Released

    Hi everyone, Today we released Security Advisory 981374 addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is not affected by this issue. Customers using Internet Explorer 6 or 7 should upgrade to Internet Explorer 8 immediately to benefit from the improved security features and defense in depth protections. Additionally, Internet Explorer 5.01 on Windows 2000 is not affected. At this time, we are aware of targeted attacks seeking...
  • March 2010 Bulletin Release Advance Notification

    Today we are providing advance notification to customers that we will be releasing two bulletins this month affecting Windows and Microsoft Office products. Both bulletins are rated Important and address a total of 8 vulnerabilities. We recommend that customers review the Advance Notification webpage and prepare to deploy these bulletins as soon as possible. To provide additional guidance for deployment prioritization, customers should note that both bulletins will address issues that would require...
  • March 2010 Security Bulletin Release

    Today we are releasing two Important security bulletins addressing eight vulnerabilities in Windows and Microsoft Office. Both bulletins have an aggregate Exploitability Index rating of “1” so we recommend that customers deploy these updates as soon as possible. The Microsoft Exploitability Index provides additional information to help customers prioritize deployment of monthly security bulletins. A summary of today’s security updates can be found on the Microsoft Security Bulletin webpage . MS10...
  • Security Advisory 981169 Released

    Hello again, Today we released Security Advisory 981169 to address the VBScript issue involving Windows Help files that we blogged about yesterday . To reiterate what we said in that post, we are not aware of any active attacks at this time and the following operating systems are not affected by this issue: Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista. Our investigation is ongoing. Users on older versions of Windows should review the Security Advisory for mitigations...
  • March 2010 Security Bulletin Webcast

    Hello, Today we published the Questions & Answers from the March 2010 Security Bulleting webcast . We answered a total of 13 questions concerning the March bulletins and open Security Advisories. No particular themes emerged from the questions but there were some good ones so please review them. The video covers the core part of the presentation Adrian Stone and I gave during the webcast. We talk about the two bulletins for March, a bulletin re-release and Security Advisory 981374 . More listening...
  • Monthly Security Bulletin Webcast Q&A - March 2010

    Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: March 2010 Security Bulletin Release Date: Wednesday, March 10, 2010 Q: I use Macintosh computers with Microsoft Office 2008, should I be concerned about its usage following the release of MS10-017 ? A: The bulletin article for MS10-017 describes the vulnerabilities that affect Microsoft Office 2008 for Mac and also provides...