Microsoft Security Advisory 975191 Revised

Hi Everyone, Today we updated Security Advisory 975191 as we are now seeing limited attacks.  Additionally, a new proof of concept published allowing for Denial of Service (DoS) attacks on Windows XP and Windows Server 2003 with read access to the File Transfer Protocol (FTP) service. This does not require Write access.  Also, a new POC…

0

September 2009 bulletin Release

Advance Notification for the September 2009 Security Bulletin Release This month we will be releasing 5 security bulletins, all affecting Windows, and all with an aggregate severity rating of critical. As always, the target for release is the second Tuesday of the month at 10:00 a.m. PDT (UTC -8). Please check back here at that…

0

Microsoft Security Advisory 975191 Released

Hi Everyone, This is Alan Wallace, senior communications manager for our security response communications team.  Today, Microsoft released Security Advisory 975191, to provide customer guidance and protection from a vulnerability that could allow remote code execution on affected systems running the FTP service in Microsoft Internet Information Services (IIS) 5.0, 5.1 and 6.0, and connected…

0

August 2009 Bulletin Release

Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note…

0

Security Bulletin Webcast Video, Questions and Answers – July 2009

Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components). There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed…

0

July 2009 Bulletin Release

Summary of Microsoft’s monthly security bulletin release for July 2009. This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the…

0

Microsoft Security Advisory 973472 Released

Hi Everyone,   This is Dave Forstrom, group manager for our security response communications team.  We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain…

0

Questions about Timing and Microsoft Security Advisory 972890

Hi everyone, Mike Reavey here.   You’ve probably seen in Jerry’s Advance Notification posting today announcing that we’re on track to release an update to address the issue discussed in Microsoft Security Advisory 972890.   We’ve gotten some questions from customers about when we got the first report of this vulnerability and how long the…

0

July 2009 Advance Notification

Advance Notification for the July 2009 Security Bulletin Release Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of: ·          Three Critical updates affecting Windows. ·          One Important update affecting Publisher. ·          One Important…

0

Microsoft Security Advisory 972890 Released

I wanted to let you know that we have just posted Microsoft Security Advisory 972890 that discusses new, limited attacks against a Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003.   Specifically, we’re aware of a code execution vulnerability within this control that can enable an attacker to run code as the…

0