I spent all day yesterday manning the MSRC Cabana and Security Guidance Booth. Between Stephen’s voice looping on the MSRC video running in the Cabana, and Simon’s funky accent saying “What can I tell you about the MSRC?” to every passer-by, I was so happy last night to be in the silence of my hotel room. However, some of the great interaction with the customers coming by the booth makes it all worth it. My job often takes place behind a computer screen... it's good to meet our customers face to...

I just want to take a moment to thank *everyone* who attended the MSRC talk today at Tech Ed. You guys asked some great questions and provided some awesome feedback. What I heard from you resoundingly, is that we're on the right track, and there are still great things we can do to further assist you. The talk ran about an hour and a half and you were all very gracious to laugh at my jokes and listen as we discussed the Security Bulletin Process, the Software Development Lifecycle, and our Emergency...

Wow, oh wow. It's always a pleasure to see Steve Ballmer speak, and it's a greater privilege to be here at Tech Ed 2005 supporting the great things he noted in his keynote. I've seen Bill Gates speak many times, but other than some internal presentations to employees I've never gotten a chance to see Steve speak to our customers live. (Steve's speech will be available in webcast form in a few hours. Check in here to watch.) I'm working the booth and cabana all day in addition to my security...

Hi folks, counting down - it's just a couple of weeks now until TechEd Orlando. Stephen, Mike and I are excited to have the opportunity once again to meet our customers, and hear your experiences and feedback around our security bulletins. This year at TechEd we will take this a step further with a focus group on exactly this topic. We really need to hear from you how you use our Security Bulletins, as part of our continual process evaluating how we can make the security bulletin offering more valuable...

It’s been just over a year since we experienced our last major network worm outbreak, Sasser, which exploited a vulnerability in the LSASS component of Windows in April 2004. On the security response team at Microsoft, it is part of our process to do post mortems after incidents or outbreaks and review how we can better manage these incidents more effectively for customers. We did that after Slammer, which actually prompted the development of our Software Security Incident Response Plan; we...

Hey folks - Mike Reavey here. Recently, some folks have asked us if there's a new security update in MSN Messenger. In doing some investigation, we've realized that these questions might be coming in because the "Date Published" on this page on our Download Center : shows it was published last Tuesday. Because of that it does look like there may be a new security issue in MSN Messenger 6.2. This download page is associated with the update referenced in MS05-009 , published on February 8, 2005. The...

Debby Fry Wilson here! I had the opportunity to attend the CanSecWest security research conference in Vancouver, Canada last week. It was a tremendously valuable and eye-opening experience to see and hear the passion, dedication and commitment that segments of security researchers put into their craft of finding and exposing security vulnerabilities in software products. In addition, it was an excellent opportunity for Microsoft to learn about the latest technical trends in the security research...

Hi everyone, Mike Reavey here to tell you about today's security bulletin and some other offerings to help protect and provide guidance for customers. Today's release includes one bulletin affecting Windows 2000. It's rated as "Important". (This update addresses the recently disclosed "greymagic" vulnerability that Stephen blogged about a few weeks back.) You might have read recently about our new pilot offering, Microsoft Security Advisories. The goal of security advisories are to provide...

Stephen Toulouse here with the MSRC, just wanted to provide everyone with some information related to public reports of a possible vulnerability in Microsoft Windows that was publicly disclosed. The issue involves the Windows Shell, and our initial investigation has found that significant user interaction would be required for an attacker to exploit this vulnerability. So far we have confirmed that Windows XP, Windows XP SP2 and Windows Server 2003 are not affected by this particular issue. We're...

Hey everyone, this is Mike Reavey from the MSRC. Welcome to the Microsoft Security Response Center Blog's new home! We here at the MSRC started the blog for our time at RSA 2005, but we had such great support and positive responses from customers that we’ve have decided to keep it going. Today we've moved the blog to a permanent home on TechNet. Thanks for making the move with us! You'll noticed that we have migrated all the previous postings from the old blog here for your reference. Today...