MSRC Blog: October 25th Update To Security Advisory 943521

Hi everyone, Bill Sisk here.  This week we became aware of publicly disclosed exploit code being used in limited attacks on customers.  This change in the threat landscape has prompted us to update last week’s Security Advisory 943521 and triggered our Software Security Incident Response Plan (SSIRP).   Third party applications are currently being used…

5

MSRC Blog: Additional Details and Background on Security Advisory 943521

Hi everyone.  This is Jonathan from the SWI team in the MSRC.  We’ve just released Security Advisory 943521 regarding a vulnerability affecting Windows Server 2003 and Windows XP with Internet Explorer 7 installed.  As you have probably noted there’s been a fair amount of discussion on this issue. One of the reasons we are releasing…

11

MSRC Blog: Security Advisory 943521

Since this is my first post, I suppose a quick introduction is in order. I’m Bill Sisk, a member of the Security Response Communications Team. My team works to provide communications around security response issues to our customer through MSRC Blogs and other outreach vehicles.   As part of that I wanted to let people…

1

October 2007 Monthly Release

Hi Everyone!   This is Tami Gallupe, MSRC release manager, and here is a brief update on the bulletins we released today.   Today, we released 6 bulletins: 4 have a maximum severity rating of Critical and 2 have a maximum severity rating of Important. The bulletins are as follows:   MS07-055 addresses a vulnerability…

4

October 2007 Advance Notification

Hello, This is Christopher Budd. I wanted to let you know that we’ve just posted our Advance Notification for next week’s bulletin release on Tuesday October 9, 2007 at or around 10 a.m. Pacific Time. A reminder that the information we post is intended to help with your planning for next week, but because it…

4

Announcing BlueHat v6

Hi, Andrew Cushman here.   I wanted to let you know that BlueHat is back in Redmond, as BlueHat v6: The Vuln Behind The Curtain opens September 27th and 28th. Once again we have two days of great security content that covers the spectrum of issues in security.  For more information please see the BlueHat…

1

Detection and Deployment Logic Update for MS07-052

Hi everyone.  Ben from the MSRC here. I am the case manager that handled the Crystal Reports for Visual Studio Bulletin, MS07-052, and I wanted to let you know that today we updated our detection and deployment logic for that bulletin. First, I want to note that we’re not making any changes to the update…

2

Technical Tips and Insights on MS07-054 and KB941835

Hi everyone.  Jonathan from the SWI team in the MSRC here again.  I’d like to give some more detail around the conditions required to exploit MS07-054, the vulnerability in MSN Messenger and Windows Live Messenger.  You can read from the bulletin that MS07-054 affects MSN Messenger 6.2, 7.0, 7.5 and Windows Live Messenger 8.0.  It…

2

September 2007 Monthly Release

Hello,   This is Christopher Budd.  I wanted to go ahead and let you know that we’ve posted our bulletins for the September 2007 monthly release.   This month we’ve released:   MS07-051: This bulletin addresses a vulnerability in Microsoft Agent on Windows 2000 only. This bulletin is rated “Critical”. MS07-052:  This bulletin addresses a…

3

September 2007 Bulletin Release Advance Notification

Hello, This is Christopher Budd and today is the Thursday before the scheduled September 2007 bulletin release on Tuesday Sept. 11, 2007. As we do each month, as part of our processes to help make security updates more predictable and assist with your planning, we’ve posted our Advance Notification with preliminary information about next week’s…

1