Overview Today we released Microsoft Security Advisory 2269637 . This is different from other Microsoft Security Advisories because it's not talking about specific vulnerabilities in Microsoft products. Rather, this is our official guidance in response to security research that has outlined a new, remote vector for a well-known class of vulnerabilities, known as DLL preloading or "binary planting" attacks . We are currently conducting a thorough investigation into how this new vector may affect...

Hello, As we announced on Friday , today we released Security Bulletin MS10-046 out-of-band to address a vulnerability in Windows. This security update addresses a vulnerability in the handling of shortcuts that affects all currently supported versions of Windows XP, Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. As our colleagues over in the MMPC have noted, several families of malware have been attempting to attack this vulnerability. The security update protects against attempts...

Hello; I'm Angela Gunn and I'm new to the Response Communications team. Today we're releasing our advance notification for the August security bulletin release, which is scheduled for Tuesday, August 10. This month's release is composed of 14 bulletins addressing 34 vulnerabilities in Windows, Microsoft Office, Internet Explorer, SQL MSXML, and Silverlight. Eight of the bulletins carry a Critical severity rating, and six are rated Important. As always, we recommend that customers review the ANS...

Hi everyone, Since we released Security Advisory 2269637 on August 23, we've continued to conduct an investigation not only into our own affected products, but also into how we can best help to protect customers given DLL preloading also affects some third-party applications. We'd like to provide an update on our investigation. First, I want to be clear that Microsoft plans to address those of our products affected by this issue in the most appropriate way for customers. This will primarily...

Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments: MS10-052 This bulletin resolves a privately reported vulnerability in Microsoft's MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted...

Hi everyone, Yesterday we tweeted to let customers know that we were investigating a publicly disclosed vulnerability in the Windows Kernel-mode drivers (win32k.sys) affecting all supported operating systems. We are not aware of attacks that try to use the reported vulnerability or of any customer impact at this time. Today we have more information, as well as a planned course of action. While most in the industry reported this as a low-severity vulnerability, it generated quite a bit of attention...

Hello, Today we published the Questions & Answers from the August 2010 Security Bulleting webcast . We answered a total of 17 questions concerning the March bulletins and open Security Advisories. No particular themes emerged from the questions but there were some good ones so please review them. The video covers the core part of the presentation Adrian Stone and I gave during the webcast. We talk about the 14 bulletins for August and Security Advisory 2264072 . Please join us for our...

Hello - During today's webcast our team of technical experts answered over fifty questions regarding the August 2010 Out-of-Band Security Release update questions. Click here to review the entire list of questions and answers from today's Out-of-Band webcast Q&A page. Also, here is the link to the Q&A index page for your review - in case you wanted to view any of the past 12 webcast Q&A's. As always, customers experiencing issues with the installation of today's security update...