Also announced at RSA today - a consumer version of Windows Anti-Spyware will be available to licensed Windows customers at no charge:
http://www.microsoft.com/presspass/press/2005/feb05/02-15RSA05KeynotePR.asp
Today at the RSA conference, Bill Gates announced a new version of IE to be called Internet Explorer 7 will be released for Windows XP SP2 customers. This new version will build on the work done on IE for SP2 around security.
We are targeting a beta release this summer and RTM will be when the code quality is right.
You can see a recorded web cast with Security Business & Technology Unit VP Mike Nash on this topic here:
http://go.microsoft.com/fwlink/?LinkId=41000
See the presspass info here:
http://www.microsoft.com/presspass/press/2005/feb05/02-15RSA05KeynotePR.asp
More to follow soon.
February 8, 2005
Today Microsoft released the following Security Bulletin(s).
Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.
Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.
Bulletin Summary:
http://www.microsoft.com/technet/security/Bulletin/ms05-feb.mspx
Critical Bulletins:
Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
http://www.microsoft.com/technet/security/Bulletin/ms05-005.mspx
Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
http://www.microsoft.com/technet/security/Bulletin/ms05-009.mspx
Vulnerability in the License Logging Service Could Allow Code Execution (885834)
http://www.microsoft.com/technet/security/Bulletin/ms05-010.mspx
Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
http://www.microsoft.com/technet/security/Bulletin/ms05-011.mspx
Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
http://www.microsoft.com/technet/security/Bulletin/ms05-012.mspx
Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
http://www.microsoft.com/technet/security/Bulletin/ms05-013.mspx
Cumulative Security Update for Internet Explorer (867282)
http://www.microsoft.com/technet/security/Bulletin/ms05-014.mspx
Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
http://www.microsoft.com/technet/security/Bulletin/ms05-015.mspx
Important Bulletins:
ASP.NET Path Validation Vulnerability (887219)
http://www.microsoft.com/technet/security/Bulletin/ms05-004.mspx
Vulnerability in Windows Could Allow Information Disclosure (888302)
http://www.microsoft.com/technet/security/Bulletin/ms05-007.mspx
Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
http://www.microsoft.com/technet/security/Bulletin/ms05-008.mspx
Moderate Bulletins:
Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
http://www.microsoft.com/technet/security/Bulletin/ms05-006.mspx
Re-released Bulletins:
Vulnerability in SMTP Could Allow Remote Code Execution (885881)
http://www.microsoft.com/technet/security/Bulletin/ms04-035.mspx
Security bulletin summary for October 2004
http://www.microsoft.com/technet/security/Bulletin/ms04-oct.mspx
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.
If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.