Security Headlines

On This Page

March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
January 2003

March 2004

• Install Security Updates for Office and Outlook Vulnerabilities
  Microsoft's security bulletin release for March includes critical fixes for Office XP Service Pack 2 and Outlook 2002 as well as moderate fixes for Windows 2000 and MSN Messenger versions 6.0 and 6.1.

• Sign Up for March 16 Executive Webcast
  Join Mike Nash as he provides details on Microsoft security enhancements, insights into strategies for customers, and information on security technologies being delivered in upcoming service packs.

• Register for the March Security Bulletins Webcast
  Join Microsoft security experts in this webcast for a live discussion of the technical details of the March security bulletins and steps you can take to protect your environment.

• Confirm You're Protected Against Recent Exploit Code
  The illegal release of Windows source code in early February was quickly followed by an exploit against a vulnerability in Internet Explorer 6.0 that was addressed by Service Pack 1. Make sure SP1 is installed in your networks.

• Problems Persist: Use This Free Tool
  Get a tool that detects and automatically removes Mydoom.A, Mydoom.B, or Doomjuice (A or B) from your networks. The worm continues to slow network connections and create backdoor vulnerabilities.

• In-depth Guidance for Securing Computer Systems
  The Microsoft Security Center provides quick access to prescriptive guidance, tools, training, and updates for IT professionals and developers. .

February 2004

• Action: Download the latest security updates for Windows and Virtual PC for Mac
  The February security updates include critical updates for Microsoft Windows and an important update for Virtual PC for Mac.

• Sign Up for February 17 Executive Webcast (February 10, 2004)
  Microsoft's security vice president, Mike Nash, welcomes security expert and author Michael Howard to a February 17 webcast. Topics will include writing code to withstand repeated attacks and testing applications for security flaws.

• Register for the February Security Bulletins Webcast(February 2, 2004)
  Join Microsoft security experts in this webcast for a live discussion of the technical details of the February security bulletins and steps you can take to protect your environment.

• Action: Apply Critical Security Patch for Internet Explorer Now(February 2, 2004)
  On February 2, Microsoft released a critical security update to eliminate newly discovered vulnerabilities in Internet Explorer that could allow remote code execution.

January 2004

• Mydoom Virus Alert (January 27, 2004)
  Please review the Microsoft security alert regarding W32/Mydoom@MM and take appropriate action for your environment. This rapidly spreading, mass-mailer virus affects Microsoft Outlook, Microsoft Outlook Express, and Web-based e-mail.

• Microsoft Provides Workarounds Pending Update to Internet Explorer(January 27, 2004)
  Microsoft plans to release a software update in early to mid February that modifies the default functionality in Internet Explorer to help reduce the risk of malicious code directing users to spoofed websites. If you include user information in HTTP and HTTPS URLs, explore these workarounds before you install the forthcoming software update.

• Download the New MBSA 1.2(January 19, 2004)
  The Microsoft Baseline Security Analyzer now scans for missing security updates in numerous server and Office products, and is available in English, German, French, and Japanese versions.

• January Security Bulletins Include Critical Fix for ISA Server(January 13, 2004)
  Microsoft's monthly security bulletin release on January 13 included fixes rated Critical for Internet Security and Acceleration Server, Important for Windows, and Moderate for servers running Outlook Web Access for Exchange Server 2003.

• Update VeriSign Web Server Certificates for IIS Now(January 8, 2004)
  VeriSign's old 128-bit Global Server Intermediate Root certification authority certificates for Microsoft Internet Information Services (IIS) and other Web servers expired on January 7, 2004. You should update your servers' certificates to prevent error messages.

• Register for January 20 Webcast on Wireless Security(January 5, 2004)
  Gregory Wood, Microsoft’s general manager of corporate security, joins Mike Nash, Microsoft’s security vice president, to discuss best practices that Microsoft uses to secure its own wireless network.

December 2003

• No Security Bulletins for December Monthly Release (December 9, 2003)
  Microsoft had no security bulletins to release December 9, 2003, as part of its monthly release cycle for December. If the need arises for emergency patches, they will be issued outside the monthly releases. For updated security information, see our Security Center andPatch Managementpages.Orview previously released summary bulletins and webcasts.

• Hear About System Resiliency, Network Perimeter Security (December 8, 2003)
  Microsoft’s senior executive in charge of security, Mike Nash, will discuss upcoming Windows XP service packs focusing on system resiliency during a webcast December 16. In addition, Microsoft’s chief information officer, Rick Devenuti, will discuss the company’s best practices in securing its network perimeter.

• Security Week Webcasts Available on Demand(December 5, 2003)
  Webcasts presented as part of TechNet Security Webcast Week December 1-5 have been recorded and are available now.

November 2003

• Action: Download the Latest Security Updates (November 11, 2003)
  The November security bulletin release contains critical updates for Windows and FrontPage Server Extensions, and an important update for Office.

• Get Ready for TechNet Security Week, December 2–5(November 11, 2003)
  Join Microsoft security experts for a series of webcasts. Topics include patch management, secure network access, Windows Rights Management Services, and more.

• Webcast Features Microsoft Security VP(November 11, 2003)
  Mike Nash, Microsoft vice president of security, will present a live webcast November 18 on what Microsoft is doing to improve IT security and how it can help you enhance security in your organization.

• Microsoft Security Resources - Level 200 (November 4, 2003)
  Attend this live webcast for a discussion and demonstration of a number of security resources, tools and services offered by Microsoft for the enterprise environment.

• Security Bulletin Search More Comprehensive, Flexible (November 3, 2003)
  TechNet's new Security Bulletin Search now finds security updates for components that shipped with a product as well as updates for the product itself. It lets you specify the severity ratings and release dates of the security updates you want to see. Also, you can choose to see only the most recent security updates, excluding those that have been replaced by later updates.

October 2003

• Action: Get the latest critical Internet Explorer security update(October 3, 2003)
  Install the new cumulative update in Security Bulletin MS03-040 that addresses reports of an exploit on the Internet, affecting Microsoft® Internet Explorer.

• Microsoft Announces New Security Programs to Help Customers (October 9, 2003)
  In a speech at Microsoft's annual Worldwide Partner Conference, CEO Steve Ballmer announced a broad security effort to help address the increasingly disruptive security challenges. Ballmer outlined changes to the patch management process and to the Microsoft support policy.

• Microsoft Improves Security Resources for IT Pros (October 9, 2003)
  IT professionals now can quickly access compiled best practices for enterprise security, talk to peers in a new IT Pro Security Community, and use a streamlined registration process for receiving important security news.

• Action: Download the latest Windows and Exchange security updates (October 15, 2003)
  The October security bulletin contains critical security updates for Microsoft Windows and Exchange Server.

• Security Bulletins Expanded and Summarized by Product (October 15, 2003)
  Microsoft has begun releasing Security Bulletins once a month to give IT administrators increased predictability and manageability. In addition, each monthly release includes summaries for affected products, and the bulletins contain expanded prescriptive guidance, including workarounds.

September 2003

• Action: Install New Security Patch Immediately(September 10, 2003)
  Microsoft urges users of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 to read Security Bulletin MS03-039 and install this critical security patch immediately.

• Update to Security Bulletin MS03-032(September 8, 2003)
  Microsoft is investigating reports of new variations of a vulnerability in Microsoft Internet Explorer. Read Security Bulletin MS03-032 for the latest updates on this issue.

• Check for New Security Bulletins Affecting Microsoft Office (September 3, 2003)
  Microsoft has issued four bulletins for Microsoft Office that range in severity from critical to moderate. The bulletin rated critical addresses a buffer-overrun vulnerability in Microsoft Visual Basic for Applications (VBA), which is incorporated in Microsoft Office and various non-Microsoft applications.

August 2003

• TechNet Webcast: What Network Administrators Should Know About the Blaster Worm (August 27, 2003)
  This webcast, recorded on August 21, 2003, provides information for network administrators and IT professionals about how to prevent and recover from an infection of the Blaster worm and its variants. (88 minute webcast; 10.8 MB)

• Get Critical Troubleshooting Information for 3 Recent Virus Alerts (August 20, 2003)
  The Virus Alerts page directs you to the most current resources for: W32.Blaster.worm and its variants; the Nachi worm (also known as Blaster-D, Welchia, and Sachi); and W32.Sobig.A and its variants.

• Protect your System: 3 Ways to Help Ensure Your System Is Protected (August 18, 2003)
  As an administrator, you want to manage security efficiently and reliably on many computers. TechNet/Security provides advanced procedures and tools to help manage security solutions in the enterprise.

• Specific actions for Blaster worm(August 15, 2003)
  Check the Microsoft.com Security site for up to date information to help protect your systems.

• Action: Blaster Worm: Critical Security Patch(August 12, 2003)
  Microsoft urges users of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 to read the virus alert and Security Bulletin MS03-026, and install the security patch immediately.

• Action for Microsoft® Windows® users: Read about the Blaster worm and update your software immediately(August 14, 2003)
  Check the Security site for more information and steps you should take to help protect your systems.

• Microsoft.com Experienced Brief Denial-of-Service Attack (August 1, 2003)
  This attack does not have any association with any known vulnerability in Microsoft software. Find out more about how Microsoft is responding.

July 2003

• Important Security Notice: Install the Windows patch included with the Security Bulletin MS03-026 (July 24, 2003)
  Systems administrators should immediately apply the critical patch included with Security Bulletin MS03-026 to correct a vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call interface.

• Virus Notice: Microsoft never distributes software directly via e-mail (July 17, 2003)
  From time to time, malicious individuals circulate e-mail messages that purport to be a Microsoft Security Bulletin or patch and contain or link to an executable file that contains a virus. Stay alert for clues that the e-mail messages aren't a bona fide security bulletin or patch.

June 2003

• Microsoft Releases Windows 2000 Service Pack 4 (SP4) (June 26, 2003)
  Service Pack 4 includes a collection of fixes pertaining to operating system reliability, application compatibility, setup, and security.

• Information about the w32/Bugbear@MM Worm (June 5, 2003)
  Microsoft is alerting customers that the W32/Bugbear@MM worm appears to be spreading in the wild. Previously detailed best practices, such as filtering certain file types and applying security patches, should prevent infection from this Bugbear variant. Customers are advised to review the information and take the appropriate action for their environments.

• Microsoft Security Certifications for IT Professionals (June 3, 2003)
  Learn how the new Microsoft Certified Systems Administrator (MCSA): Security and Microsoft Certified Systems Engineer (MCSE): Security certifications validate your ability to create a secure computing environment based on the Microsoft platform.

May 2003

• Information about W32/Palyh@MM worm (May 19, 2003)
  Microsoft is advising customers to be on the alert for a moderately severe mass-mailing worm, W32/Palyh@MM, which spreads via e-mail and network shares. This worm spoofs the address support@microsoft.com. Customers are advised to review information on preventing and removing the virus and to take appropriate action.

• Information about W32.Fizzer.A@mm mass-mailing worm (May 12, 2003)
  Microsoft is advising customers to be on the alert for a moderately severe mass-mailing worm, W32.Fizzer.A@mm, which can affect Microsoft Outlook, Microsoft Outlook Express, and Web-based e-mail. Customers are advised to review information on preventing and removing the virus and to take appropriate action.

April 2003

• Information on Bogus Microsoft Security Bulletin E-mails (April 3, 2003)
  From time to time, malicious individuals circulate e-mails that purport to be a Microsoft Security Bulletin or patch and contain or link to an executable file that contains a virus. Stay alert for clues that the e-mails aren’t a bona fide security bulletin or patch.

March 2003

• Information about Microsoft Next-Generation Secure Computing Base (March 11, 2003)
  Answers to common questions regarding Next-Generation Secure Computing Base, a new set of security features in the Windows Operating System.

• Network Access Quarantine Control in Windows Server 2003(March 24, 2003)
  This downloadable article provides a technical overview of the Network Access Quarantine Control feature in the Windows Server 2003 family and includes instructions on how to deploy it.

January 2003

• Customer update on the "Slammer" Virus Attack(1/27/03)

Security Headlines Archive