Advisory posted on the recent Word vulnerability.

Hi everyone, Stephen Toulouse here again.  Just wanted to make you aware that we have reached the point in our investigation of the limited attacks trying to use the Word vulnerability that provided us with enough information to develop some stronger workarounds and mitigations.  We’ve posted all that into a new security advisory: Just…


Microsoft Security Bulletin Webcast Q&A – Index Page

Below is an index of the Question & Answers from our monthly security bulletin webcast.   To find the registration link for the next webcast, please visit the following link:    To view previous webcasts On-Demand, please visit this link:  Index: October 2010 – September 2010 – Out-of-Band (MS10-070) –…


MS08-067 Released

Hi, This is Christopher Budd. Following up on my post from last night, I wanted to let you know that we’ve released MS08-067 today. This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and…


A quick entry on the VML issue.

Hi everyone, Scott Deacon here again. Wanted to update you on what we’ve seen to date with the VML issue.  Attacks remain limited.  There’s been some confusion about that, that somehow attacks are dramatic and widespread.  We’re just not seeing that from our data, and our Microsoft Security Response Alliance partners aren’t seeing that at…


Questions about Web Server Attacks

Hi there this is Bill Sisk. There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information. To begin with, our investigation has shown that there are no new or unknown vulnerabilities being…


Latest on security update for Microsoft Security Advisory 935423

Hello everyone, this is Christopher Budd.   We have some new information tonight on the status of the security update that we’re working on that addresses the vulnerability in Windows Animated Cursor Handling.   From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat….


Microsoft Security Advisory (925568) Posted.

Morning, Scott here from the MSRC Operations team again, I wanted to let everyone know that we have just posted Microsoft Security Advisory (925568). You can read more in the advisory, but after working with the folks from the X-Force team at ISS, we confirmed new public reports of a vulnerability in the Microsoft Windows…


Information About Public Postings Related to MS06-035

Hey everyone, this is Adrian Stone from the MSRC and I wanted to take a moment to clarify some recent reports about a vulnerability that was not addressed in this month’s MS06-035 security update. As soon as we heard about the posting, we initiated our Software Security Incident Response Process to investigate. We now have…


New Report of A Word Zero Day

Hi All, Scott Deacon here, well a busy week extends into a busy weekend for the MSRC!!   We are investigating reports of another new vulnerability in Microsoft Word – initial investigation has shown that this is a different issue to that reported in Microsoft Security Advisory 929433.   Our initial investigation has discovered that…


Questions about last Tuesday’s Release and Skype

Hello everyone this is Christopher Budd. We’ve been getting questions from customers about a posting that Skype made today about a recent service outage they experienced on August 16, 2007. Specifically, we have questions from customers looking for clarification about the role Windows Update and this month’s release played in that situation, if any.  In…