Hi, Bill here, The March 2009 release contains 3 new bulletins, 1 of which has a maximum severity of "Critical". MS09-006 - Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) MS09-007 - Vulnerability in SChannel Could Allow Spoofing (960225) MS09-008 - Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) We also revised bulletin MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) , to note a revision to some of...

Hello, Today we published the October Security Bulletin Webcast Questions & Answers page . We fielded eight questions across all bulletins. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page. We invite our customers to join us for the next public webcast on Wednesday, November 9th at 11am PDT (UTC -7), when we will go into detail about the November bulletin release and answer...

Today we revised Security Advisory 2755801 to address issues in Adobe Flash Player in Internet Explorer 10 on Windows 8, this revision was released in conjunction with Adobe’s update process. Customers who have automatic updates enabled will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft...

Helping Customers Face to Face It's hard work to stand the whole day, as anyone who has worked a conference will tell you. But it's really also a lot of fun to hear the stories from our customers (though I do fear I'm going to learn some kind of Pavlovian response to the "click click click" of the MSRC "Wheel of Fortune" in my ear the whole day!). Yesterday I listened to a really painful story that one customer had with a virus infection that he just could not get rid of. The virus...

Musings at midnight from the “W” bar For reasons that are not entirely clear to me, I found myself hanging out in a very crowded “W” bar at midnight last night – well past my bedtime – unless, of course, there is some security incident, in which case I would be sitting in my chair at our war room looking and sounding grouchy – but anyway I digress – back to the “W” bar . . . . There was quite a crowd there last night as there as RSA attendees gathered to cap off the night after...

Hello, Today we published the March Security Bulletin Webcast Questions & Answers page . We fielded five questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. We invite our customers to join us for the next public webcast on Wednesday, April 13th at 11am PDT (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air. Customers can register to attend at the link below...

Trends, or lack thereof... Sometimes you can pick up a common theme when you go to an industry show. You find that lots of vendors are talking about topic X or half of the talks seem to mention topic Y. I still haven’t found that common theme though at this event. Looking at the session guide, you can find sessions on everything from IM to PKI configuration, to virus research, to the legal aspects of security. There is even an entire track that talks primarily about how to think about...

Hi, On Thursday, October 23, 2008, Microsoft released an Out-Of-Band Security Bulletin (MS08-067). To meet the customer demand for information relating to this release, Microsoft conducted three customer webcasts. Two of these webcasts were conducted on Thursday, October 23 rd and the other on Friday, October 24 th . The link below will direct you to a collection of all questions answered during the three webcasts. Here is the link to the full Q&A so you can see all of the answers...

MSRC Customer Survey: Win an Xbox game! Wow, what an exciting day yesterday at RSA! Bill Gates actually talked about the Microsoft Security Response Center within the very opening of his keynote address! Bill also outlined Microsoft’s three key focus areas for security, which are technology innovation, guidance and industry leadership. What we do in the MSRC falls squarely within the prescriptive guidance area. Bill talked about the improvements we’ve made to provide deep guidance...

Hi, During this month’s webcast we were able to address 37 questions in the time allotted. Most of the questions asked involved MS09-002 (Internet Explorer), MS09-003 (Exchange Server) and MS09-004 (SQL Server). We only received a few questions regarding MS-09-005 (Visio). There were also a couple of questions regarding update deployment and attack vectors addressed. Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions: ...