Results of Investigation into Holiday IIS Claim

We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS. What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims…

0

New Reports of a Vulnerability in IIS

Hi everyone, On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a…

0

December 2009 Security Bulletin Webcast

Hello again. This is Jerry Bryant letting you know that the questions and answers from the December 2009 security bulletin webcast have now been posted here. There is one question that I wanted to provide a little more information on and that references reports of KB973917 causing problems with Internet Information Services (IIS) 6.0 running…

0

Monthly Security Bulletin Webcast Q&A – December 2009

Hosts:                   Adrian Stone, Senior Security Program Manager Lead                                 Jerry Bryant, Senior Security Program Manager Lead Website:         TechNet/security Chat Topic:     December 2009 Security BulletinsDate:               Wednesday, December 9, 2009     Q: In reference to Windows Vista KB973565, we have machines that install this update, then reboot and uninstall the update. Is this a known problem? It downloads and installs…

0

December 2009 Security Bulletin Release

Summary of Microsoft’s Security Bulletin Release for December 2009 As noted in our Advance Notification (ANS) last Thursday, for the December bulletin release we issued six security bulletins addressing 12 vulnerabilities. Affected products include Windows, Internet Explorer (IE) and Microsoft Office products. In the ANS, we also noted that the bulletin for IE (MS09-072) is…

0

December 2009 Bulletin Release Advance Notification

Advance Notification for the December 2009 Security Bulletin Release For December we are planning to release six new security bulletins addressing 12 vulnerabilities in Windows, Internet Explorer (IE) and Microsoft Office products. Three of the bulletins have a maximum severity rating of Critical and three have a maximum severity rating of Important. To help customers…

0

Reports of Issues with November Security Updates

We’ve received questions about public reports that customers might be experiencing system issues with the November Security Updates (which some are referring to “Black Screen” issues). We’ve investigated these reports and found that our November Security Updates are not making changes to the system that these reports say are responsible for these issues. While these…

0

Security Researcher Acknowledgements for Microsoft Online Services

This Thursday, many people in the United States will celebrate Thanksgiving. As you probably all know, this is traditionally seen as a time to express gratitude. Well, yesterday, we updated our “Security Researcher Acknowledgments for Microsoft Online Services” page to publicly say “thank-you” to researchers that reported issues in our online services to us for…

0

Microsoft Security Advisory 977981 Released

We just released Security Advisory 977981 concerning an issue affecting Internet Explorer 6 and Internet Explorer 7 that could lead to remote code execution. At this time, we are not aware of any active attacks seeking to use this vulnerability. Our teams are currently working to develop an update and we will take appropriate action…

0

Microsoft Security Advisory 977544 Released

Today we released Security Advisory 977544 to provide information, including customer guidance, on a publicly reported Denial-of-Service (DoS) vulnerability affecting Server Messaging Block (SMB) Protocol. This vulnerability, in SMBv1 and SMBv2, affects  Windows 7 and Windows Server 2008 R2. Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003 and Windows 2000 are not affected….

0