Browse by Tags

Related Posts
  • Blog Post: Security Advisory 981169 Released

    Hello again, Today we released Security Advisory 981169 to address the VBScript issue involving Windows Help files that we blogged about yesterday . To reiterate what we said in that post, we are not aware of any active attacks at this time and the following operating systems are not affected by this...
  • Blog Post: Security Advisory 2416728 - Workaround Update

    Hi everyone - We've updated Microsoft Security Advisory 2416728 to include a step in the workaround requiring the blocking of requests that specify the application error path on the querystring. This can be done using URLScan, a free tool for Internet Information Services (IIS) that can selectively...
  • Blog Post: Security Advisory 2416728 Released

    Hi everyone, Today we released Security Advisory 2416728 describing a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time we are not aware of any attacks using this vulnerability and we encourage customers to review the advisory for mitigations...
  • Blog Post: Security Advisory 979352 Released

    Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks. Today, Microsoft issued guidance to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet...
  • Blog Post: Update on MS10-025

    I wanted to give customers an update on the status of MS10-025 . First, I want to reiterate that this issue affects only Windows 2000 Servers in a non-default configuration: Windows Media Services needs to be installed. Customers who do not have Windows Media Services installed are not affected and were...
  • Blog Post: Restart issues after installing MS10-015

    Hi everyone, I am writing to let you know that we are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not...
  • Blog Post: Security Advisory 983438 Released

    Hello. Today we released Security Advisory 983438 , addressing a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0 that could allow Elevation of Privilege (EoP) within the SharePoint site itself. Servers are at reduced risk from Internet Explorer 8 clients...
  • Blog Post: Windows Help Vulnerability Disclosure

    Hello, We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We are not aware of any current exploitation of this issue and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at...
  • Blog Post: ActiveX Control issue being addressed in Update Tuesday

    Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed...
  • Blog Post: MS10-025 Security Update to be Re-released

    Hi, MS10-025 is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks...
  • Blog Post: Security Advisory 2286198 Updated

    We've just updated Microsoft Security Advisory 2286198 to let customers know that we now have an automated "Fix It" available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in the KB article 2286198 , but in summary running...
  • Blog Post: Fix it for Security Advisory 2794220 now available

    We have updated Security Advisory 2749920 to include the Fix it we discussed in Saturday’s blog post . This easy, one-click Fix it is available to everyone and prevents the vulnerability from being used for code execution without affecting your ability to browse the Web. Additionally, applying...
  • Blog Post: Update on Security Advisory 981374

    Hi everyone, I’m writing to let you know that we have updated Security Advisory 981374 with new workaround information. We are aware that exploit code has been made public for this issue. As with our last update, Internet Explorer 8 remains unaffected by the vulnerability addressed in the advisory...
  • Blog Post: Microsoft Security Advisory 977544 Released

    Today we released Security Advisory 977544 to provide information, including customer guidance, on a publicly reported Denial-of-Service (DoS) vulnerability affecting Server Messaging Block (SMB) Protocol. This vulnerability, in SMBv1 and SMBv2, affects Windows 7 and Windows Server 2008 R2. Windows Vista...
  • Blog Post: Additional information about Internet Explorer and Security Advisory 2757760

    We will release a Fix it in the next few days to address an issue in Internet Explorer, as outlined in the Security Advisory 2757760 that we released yesterday. While we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people, we are taking this proactive...
  • Blog Post: Microsoft Security Advisory 973472 Released

    Hi Everyone, This is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control...