Information on Proof of Concept posting about hlink.dll

Hi everyone Christopher Budd here. I wanted to give you some information about the recent posting of proof of concept PERL script that claims to demonstrate a vulnerability in Excel’s processing of long links. As soon as we received these reports we immediately began an investigation into the posting. I wanted to let you know…


Security Advisory posted on the Microsoft Excel Vulnerability

Hi everyone, Mike Reavey here.  Just wanted to let you know we have posted our mitigations and workarounds researched throughout the weekend in the for of a security advisory.  It can be found here:   -Mike   *This posting is provided “AS IS” with no warranties, and confers no rights.*


Checking in on this month’s release.

Hi everyone. Stephen Toulouse here. As we do every month, after release the Customer Support Service Group, the MSRC, and the affected product groups all monitor uptake of the updates and keep a sharp eye out for any issues that might be causing problems. There were 12 updates this month and of course we’ve been…


Update on Microsoft Excel Vulnerability

Hey everyone, Mike Reavey here again.  We’re headed into the weekend and I wanted to check in and provide you with some more information about the Excel issue we are investigating.  As of right now it’s still just a single customer impacted.  But I want to reiterate that all of our various protection tools detect…


Reports of a new vulnerability in Microsoft Excel

Hi everyone, Mike Reavey here.  We’ve received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel.   Here’s what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or…


June 2006 security update release.

Hi everyone, Craig Gehre here.  It was tempting to make some sort of Cheaper by the Dozen reference or perhaps quote something from The Dirty Dozen, but I feel it would have been a bit obvious. I’ll just keep my comments short so you can get on to more exciting things like reading the below…


Hello from TechEd 2006

Hello, this is Christopher Budd. I’m here this evening at TechEd 2006. This year, TechEd is in Boston, Massachusetts at the Boston Convention Center. (If you want to see where we are using the new Windows Live Local, you can see a view of it here). I’m sure you know from our RSA postings that…


Microsoft presenting at the Black Hat security conference in Las Vegas

Hi everyone, Stephen Toulouse here.  As you probably know, all throughout the year we attend various security researcher conferences all over the world.  One of the biggest and the best is the Black Hat security conference in Las Vegas.  And of course the MSRC, as well as a number of other Microsoft teams, will be…


Windows 98, 98SE and ME: Information about Support Lifecycle and MS06-015

Christopher Budd here again. I wanted to take a moment and mention a couple of things related to security updates and Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). First, support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Me) ends on July 11, 2006,…


June 2006 Advance Notification

This is Christopher Budd. I wanted to take a moment from my preparations for TechEd next week to let you know that we made our regular advance notification for the upcoming monthly security bulletin release next week: At approximately 10:00 am PT next Tuesday, June 13th 2006, we are planning to release a total of…