Microsoft Support & Discussions

Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs view, change, or delete data or create new accounts with full user rights. View the full article

Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. View the full article

Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. View the full article

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Cinepak Codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. View the full article

Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities. View the full article

Bulletin Severity Rating:Critical - This security update resolves six privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. View the full article

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. View the full article

Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site. View the full article

Microsoft has always seen the world through developer-colored glasses. And this month, they're at it again, with the upcoming beta of Visual Studio LightSwitch, a version of its developer suite so simple even an admin can use it. View the full article

Microsoft’s product groups are busy crafting their answer(s) to the Apple iPad. But Microsoft Research is working on slate/tablet-related projects of its own, including a way to add physical keys to the backs of these kinds of mobile-computing devices. View the full article

Signs are pointing to Microsoft backing away from IronRuby, the .Net-targeted implementation of the Ruby dynamic programming language that the company has been developing and funding for the past couple of years. View the full article

In this week's mailbag, creating a USB memory stick version of the Windows 7 Repair Disc, learning the Office 2007/2010 ribbon UI with a game, Windows Phone and desktop sync, what to do before you get a Windows Phone, whether Windows Phone will support tethering, and when an upgrade is really just a new computer. View the full article

Microsoft researchers have published a photo of a prototype Microsoft ‘Menlo’ phone and have shared information about a new sample application codenamed “Greenfield” that is running on it. View the full article