New report of a Windows vulnerability

Hi everyone, As usual the holiday season is a busy time for everyone including those of us here in the MSRC.  I hope that everyone has finished their holiday shopping so they can enjoy the long weekend. This is Mike Reavey by the way in case anyone was wondering. Aside from discussing the holidays, the…


Update on accidental posting of pre-release security updates for Office for Mac

We wanted to follow up with Office for Mac users on what to do if you installed the pre-release security updates released on Tuesday.  Because the Office for Mac update that was erroneously released had additional, non-security fixes, the Office for Mac team would like to distribute a new update to its customers that includes…


Update on Current Word Vulnerability Reports

Hey everyone, Alexandra Huft here. I wanted to try and summarize/clarify for everyone the three current Word Zero-Day issues that have been reported to Microsoft.   First, I wanted everyone to know that we’re actively investigating and monitoring all of these issues through our Software Security Incident Response Process and we are working on developing and…


Information on accidental posting of pre-release security updates for Office for Mac

We’ve seen some questions from customers about some security updates that posted for a while today for Office for Mac that they didn’t see any security bulletins for. I wanted to let you know that these weren’t security updates related to this month’s release or the two Word issues we’ve written about in Security Advisory…


December 2006 Monthly Security Bulletin Release

Hello, this is Christopher Budd. I wanted to let you know that as part of our standard monthly bulletin release process we’ve released our security bulletins for December 2006.
· Microsoft Windows (MS06-072)
· maximum severity rating of Critical
· vulnerabilities could allow an attacker to remotely take complete control of an affected…


New Report of A Word Zero Day

Hi All, Scott Deacon here, well a busy week extends into a busy weekend for the MSRC!!   We are investigating reports of another new vulnerability in Microsoft Word – initial investigation has shown that this is a different issue to that reported in Microsoft Security Advisory 929433.   Our initial investigation has discovered that…


What “very limited, targeted attacks” Means

Hi, this is Christopher Budd. We’ve gotten some questions from customers about what we mean when we say we’re aware of “very limited, targeted attacks” in a security advisory. I wanted to take a moment and help give some clarity. When we talk about “very limited, targeted attacks” we specifically mean this in contrast to…


Public Proof of Concept Code for ASX File Format Issue

Hey everyone, this is Alexandra Huft. I wanted to let you know that we’re aware of proof-of-concept code published publicly affecting Windows Media ASX file format. We are currently investigating this report. We are not currently aware of attempts to exploit this vulnerability. The ASX file format is an XML-based media file format…


December 2006 Advanced Notification

Hello, This is Christopher Budd and I’m posting here today to let you know that we’ve posted our Advanced Notification for the December 2006 Microsoft Monthly Security Bulletin Release. Next Tuesday, on December 12, 2006 at approximately 10:00 am PT we are slated to release six new security bulletins: Five Microsoft Security Bulletins affecting Microsoft Windows….


Microsoft Security Advisory (929433) Posted

Hey everyone, this is Alexandra Huft. I wanted to let people know that we just posted Microsoft Security Advisory (929433) which involves Microsoft Word. We are currently investigating a report of a proof of concept which may allow an attacker to execute code on a user’s machine by convincing them to open a specially-crafted Word document….