Microsoft Security Response Center Blog

Security Advisory 2286198 Updated

Tuesday, July 20, 2010

We’ve just updated Microsoft Security Advisory 2286198 to let customers know that we now have an automated “Fix It” available to implement the workaround we first outlined in our original posting on Friday, July 16, 2010. More information is available in KB article 2286198, but in summary, running the “Fix It” can help prevent attacks attempting to exploit this vulnerability.

Security Advisory 2286198 Released

Friday, July 16, 2010

Hi everyone. We have released Security Advisory 2286198, which addresses a publicly reported vulnerability in Windows Shell. Microsoft has found that this vulnerability is most likely to be exploited through removable drives. Currently, we have seen only limited, targeted attacks on this vulnerability. In the wild, this vulnerability has been found operating in conjunction with the Stuxnet malware, a threat family already known to the Microsoft Malware Protection Center.

July 2010 Security Bulletin Release

Tuesday, July 13, 2010

Hi everyone. As part of our usual monthly update cycle, today Microsoft is releasing four security bulletins to address five vulnerabilities in Windows and Microsoft Office. MS10-042 resolves a publicly disclosed and actively exploited vulnerability discussed in Security Advisory 2219475. The update addresses an issue in the Windows Help and Support Center feature included in Windows XP and Windows Server 2003.

MS10-045: Microsoft Office Outlook Remote Code Execution vulnerability

Tuesday, July 13, 2010

Today we released the fix for CVE-2010-0266, an Important severity vulnerability in Microsoft Office Outlook. Yorick Koster working with the SSD/SecuriTeam Secure Disclosure program reported this issue. What’s the risk? This vulnerability enables an attacker to spoof a dangerous e-mail attachment to appear legitimate / benign. If a victim user were to open the attachment, code from a remote UNC path could execute without prior warning.

July 2010 Bulletin Release Advance Notification

Thursday, July 08, 2010

Hi everyone. Today we’re releasing our advance notification for the July security bulletin release, which is scheduled for Tuesday, July 13. This month’s release includes four bulletins addressing five vulnerabilities. Two bulletins, both with a severity rating of Critical, affect Windows. Two of the bulletins affect Microsoft Office; of those, one carries a Critical severity rating and one is rated Important.

Monthly Security Bulletin Webcast Q&A - June 2010

Friday, June 11, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead; Jerry Bryant, Group Manager, Response Communications

Website: TechNet/security

Chat Topic: June 2010 Security Bulletin Release

Date: Tuesday, June 8, 2010

Q: The .NET updates are only a security update, correct? Not a service pack or rollup, right?

A: The June Security Bulletin release had one security bulletin, MS10-041, for the .

Help and Support Center vulnerability full-disclosure posting

Thursday, June 10, 2010

Yesterday evening, one of Google’s security researchers publicly released vulnerability details and a working exploit for an unpatched vulnerability in Windows XP and Windows Server 2003. This afternoon, we’ve released security advisory 2219475 with official guidance. We’d like to use this blog entry to share more details about the issue and ways you can protect yourself.

Security Advisory 2219475 Released

Thursday, June 10, 2010

Hello - We have released Security Advisory 2219475, addressing the vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. We are not aware of any active attacks at this time. Customers running Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not vulnerable to this issue or at risk of attack.