MSRC

  • December 2006 Monthly Security Bulletin Release

    Hello, this is Christopher Budd. I wanted to let you know that as part of our standard monthly bulletin release process we’ve released our security bulletins for December 2006. · Microsoft Windows ( MS06-072 ) · maximum severity rating of Critical · vulnerabilities could allow an attacker to remotely take complete control of an affected system. · Microsoft Visual Studios 2005 ( MS06-073 ) · maximum severity rating of Critical · vulnerabilities could allow an attacker...
  • Information on accidental posting of pre-release security updates for Office for Mac

    We’ve seen some question s from customers about some security updates that posted for a while today for Office for Mac that they didn’t see any security bulletins for. I wanted to let you know that these weren’t security updates related to this month’s release or the two Word issues we’ve written about in Security Advisory 929433 and on our weblog : those investigations are still underway and we’ll release updates for those issues once we’ve met the appropriate quality bar. The updates posted...
  • November 2006 Advance Notification

    Hello, This is Christopher Budd, program manager here at the MSRC. It's the Thursday before the second Tuesday and so I wanted to go ahead and let people know that we've posted our Advance Notification for November 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on Nov. 14, 2006 at approximately 10:00 am PT we are slated to release six new security bulletins: One Microsoft Security Bulletin affecting Microsoft XML Core Services. The highest Maximum Severity rating for this...
  • Microsoft Security Advisory (927709) Posted

    Hello, Christopher Budd here. Very quickly, I wanted to let people know that we just posted Microsoft Security Advisory (927709) that talks about public proof of concept code published on an issue in the WMI Object Broker ActiveX control. We are aware of the possibility of limited attacks that are attempting to use the reported vulnerability. We're tracking this issue through our Software Security Incident Response Process and we have information in the advisory as far as steps customers can...
  • November 2006 Monthly Security Bulletin Release

    Hey folks - Mike Reavey here. I wanted to let you know we’ve released our security bulletins for the month of November 2006 here today. We’re releasing six new security bulletins today: · Microsoft Windows ( MS06-066 ) · maximum severity rating of Important · vulnerabilities could allow an attacker to remotely take complete control of an affected system. · Microsoft Windows ( MS06-067 ) · maximum severity rating of Critical · vulnerabilities could allow an attacker to remotely...
  • Microsoft Security Advisory (928604) Posted

    Hello, This is Adrian Stone. I wanted to let you know that we just posted Microsoft Security Advisory (928604) . Microsoft is aware of public proof of concept code targeting the vulnerability addressed by security update MS06-070 . At this time Microsoft has not seen any indications of active exploitation of the vulnerability. We're tracking this issue through our Software Security Incident Response Process and there is information in the advisory with steps that customers can take to help...
  • MS06-071 Available Through SUS 1.0

    Hello, This is Christopher Budd. I wanted to follow up our posting on the November 2006 Monthly Bulletin release to let folks know that MS06-071 has been made available for SUS 1.0. Those of you who are SUS 1.0 administrators should begin to see those updates show up for your approval. Thanks. Christopher *This posting is provided "AS IS" with no warranties, and confers no rights.*
  • Microsoft Security Advisory (929433) Posted

    Hey everyone this is Alexandra Huft I wanted to let people know that we just posted Microsoft Security Advisory (929433) which involves Microsoft Word. We are currently investigating a report of a proof of concept which may allow an attacker to execute code on a user’s machine by convincing them to open a specially-crafted Word document. We are aware of limited attacks attempting to use the vulnerability reported. I will keep everyone up to date as new or additional information becomes...
  • December 2006 Advanced Notification

    Hello, This is Christopher Budd and I'm posting here today to let you know that we've posted our Advanced Notification for the December 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on December 12, 2006 at approximately 10:00 am PT we are slated to release six new security bulletins: Five Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security...
  • Public Proof of Concept Code for ASX File Format Isssue

    Hey everyone this is Alexandra Huft I wanted to let you know that we’re aware of proof-of-concept code published publicly affecting Windows Media ASX file format. We are currently investigating this report. We are not currently aware of attempts to exploit this vulnerability. The ASX file format is an XML-based media file format which is processed by Windows Media Player. An attacker could construct a malformed ASX file and use it to cause Media Player to overrun a heap-allocated buffer...