Security Bulletin Webcast Questions and Answers - April 2009
Posted Monday, April 20, 2009 6:39 AM by MSRCTEAMHi,
During this month’s webcast we were able to address 15 questions in the time allotted, but have included the additional questions asked in this QA post. Most of the questions centered on the MS09-013: the Windows HTTP bulletin, MS09-014: Internet Explorer Bulletin, and MS08-015, the Blended Threat bulletin. We did address additional questions regarding the other bulletins, as well as, questions concerning Product Support Lifecycle.
Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:
http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-April-2009.aspx
Also, here is the link to the Q&A index page in case you want to view previous months:
http://blogs.technet.com/msrc/pages/microsoft-security-bulletin-webcast-q-a-index-page.aspx
As always, customers experiencing issues installing any of the updates this month should contact our Customer Service and Support group:
Customers in the U.S. and Canada can receive technical support from Microsoft Customer Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
Thanks!
Al Brown
*This posting is provided "AS IS" with no warranties, and confers no rights.*
Hello again,
This is Jerry Bryant letting you know that we have published the security bulletin webcast video. As you know, on Tuesday, we published a quick overview of the 8 bulletins we released on that day. Yesterday we conducted a live, public webcast, where we went in to more detail on each bulletin. The recording from that webcast is embedded below. Usually we include the questions and answers portion along with this but this month we will point you to the transcript which should be published here by tomorrow.
| More viewing options: |
As always, we encourage you to register for and attend our monthly bulletin webcasts by going to http://www.microsoft.com/technet/security/current.aspx where you will find the registration links and other valuable security update information.
Thanks!
Jerry Bryant
*Postings are provided "AS IS" with no warranties, and confers no rights.*
April is here and is turning out to be a typical, busy month, if one can call it that. In general, when we have a large release, the number of updates ranges from 7-12. With this in mind, we released eight security updates this month: 5 rated as Critical, 2 rated as Important, and one rated as Moderate.
This bulletin addresses two remote code execution vulnerabilities in Microsoft Excel. An attacker could exploit the vulnerability by sending a user a malformed Microsoft Excel file. Upon opening the file code can run in the context of the logged on user. We are aware of public exploits of these vulnerabilities. There are effective mitigations noted in the bulletin that are temporary measures until you test and deploy the updates.
A rating of Critical has only been assigned to Microsoft Office Excel 2000. The other applicable versions are rated as Important. If the Office Document Open Confirmation Tool has been downloaded and installed on a system with Microsoft Office Excel 2000, the user will first be prompted with a dialog box. This functionality is already built in to newer versions of Microsoft Office.
This bulletin addresses four remote code execution vulnerabilities in Microsoft WordPad and Microsoft Office text converters. An attacker could exploit the vulnerability by sending a user a malformed file. Upon opening the file code can run in the context of the logged on user. We are aware of public exploits of these vulnerabilities. There are effective mitigations noted in the bulletin that are temporary measures until you test and deploy the updates.
A rating of Critical has only been assigned to Microsoft Office Word 2000 Service Pack 3. The other applicable versions are rated as Important. If the Office Document Open Confirmation Tool has been downloaded and installed on a system with Office Word 2000 Service Pack 3, the user will first be prompted with a dialog box. This functionality is built in to newer versions of Microsoft Office. There are effective mitigations noted in the bulletin that are temporary measures until you test and deploy the updates. One of the mitigations is blogged about in greater detail than the bulletin. You can find this information on the Security Defense & Research blog.
The last thing I will mention is the fact that the Microsoft Security Intelligence Report Volume 6 provides insights into document file formats vulnerabilities and common exploitation techniques.
This bulletin addresses privately reported remote code execution vulnerability in Microsoft DirectX and is rated as Critical. An attacker could exploit this vulnerability by sending a malformed MJPEG file to a user of a system. If a user opened the file, code execution of the attacker’s choice would run in the context of the logged in user. Unregistering the quartz.dll or disabling the decoding of MJPEG content in Quartz.dll is a temporary measure that can be used while testing and deploying the update. Please see the bulletin to understand impact of the workarounds as they affect functionality.
This bulletin addresses several elevation of privilege vulnerabilities in Microsoft Windows and is rated as Important. The elevation of privilege vulnerabilities are commonly known as Token Kidnapping and was first described in Microsoft Security Advisory 951306. A supplemental blog will be posted here as well as a technical deep dive on the Security and Research Defense blog. It can be found here: http://blogs.technet.com/srd/
Microsoft Windows HTTP Services (WinHTTP) contains three vulnerabilities, two of which could allow for remote code execution running in the context of the logged on user. The bulletin is rated as Critical. WinHTTP is a technology within itself. As such, Internet Explorer does not use WinHTTP services.
Internet Explorer contains several remote code execution vulnerabilities and is rated as Critical. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. This security update also addresses a vulnerability first described in Microsoft Security Advisory 953818. As you will see, MS09-015 also addresses this Advisory. Details as to why can be found in both bulletins.
This bulletin addresses a vulnerability in SearchPath which could allow for an elevation of privilege and is rated as Moderate. It’s worth mentioning here that this security update addresses the issue detailed in Advisory 953818: “Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform”. Among other information in the bulletin I want to note that we added a new api as a defense in depth measure. It is called SetSearchPathMode. This new API allows for a per-process mode when using the SearchPath function to locate files. This allows applications to force the current directory to be searched after the application and system locations. This defense in depth measure is not enabled by default. Please see the bulletin for additional information.
This bulletin address vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) and is rated as Important. These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.
There are several mitigating factors noted in bulletin; one of which I will note here regarding the cross-site scripting (XSS) vulnerability. ISA Server 2006 and Forefront TMG MBE deployments that do not have any Web publishing rules are not vulnerable by default. If ISA Server 2006 or Forefront TMG MBE is installed in a traditional firewall role and is not publishing any internal Web sites to the Internet, the vulnerable Web Filter will not be exposed (the port will be blocked).
My colleague Jonathan, in the MSRC, is providing guidance as it relates to suggestions for prioritization of the security updates. This information can be found at the Security Research & Defense blog site.
As a postscript to this posting I want to share some thoughts with you regarding the advisories.
Of the eight updates, five address vulnerabilities that Microsoft has issued security advisories for:
· Excel vulnerability: Security Advisory 968272 was released Feb. 24, 2009,
· WordPad: Security Advisory 960906 was released Dec. 9 2008, more related information can be found at Security Research & Defense blog.
· CarpetBombing: Security Advisory 953818 was released May 30, 2008, more related information can be found at Security Research & Defense blog
· Token Kidnapping: Security Advisory 951306 was released April 17, 2008, more related information can be found at Security Research & Defense blog.
The question becomes, why does it take so long for Microsoft to release a security update?
When we here at Microsoft are asked this question: our answer is “we want to get this right.” Or to put it another way, we are constantly asking ourselves during any given release cycle “are we doing the right thing for our customers?” If as a result of any given investigation, we find a variant of a vulnerability we are fixing; do we dig deeper to make sure we cover all our bases, or do we just fix what we can see and ship the update because of external pressures? “Are we doing the right thing for our customers?”
If we find, at the 11th hour, an application compatibility issue that breaks third party software, do we ship anyway because we don’t want to get bad press? “Are we doing the right thing for our customers”?
Do we spread out the release of open advisories so no one notices, but not ship them when ready? “Are we doing the right thing for our customer?”
I will say that we will do the right thing for our customers; we will dig deeper; we will hold a low quality update; and we will release an update when it is ready for broad distribution; no sooner or no later.
*Postings are provided "AS IS" with no warranties, and confers no rights.*
April 14: Updated to include hyperlinks for bulletins
Hello everyone,
As you can see from the April 2009 release summary, we addressed the Token Kidnapping issue with bulletin MS09-012. This issue allowed an attacker to gain full control of a server if the attacker can first run malicious code on the server as a lesser privileged user.
This issue was originally presented by Cesar Cerrudo in March of 2008 at Hack in the Box (Dubai) 2008. In April of 2008, we released an advisory to inform customers of actions they could take to protect themselves. We also updated the advisory in October of 2008, alerting customers to the availability of proof-of-concept code that demonstrates how to attack systems using token kidnapping techniques. Today we’ve released an update that protects from these issues without having to deploy workarounds. This release has been a long time in the making, so I wanted to take a moment and provide some insight into what it took to resolve this issue for customers.
First, what is Token Kidnapping? This is an elevation of privilege vulnerability that could allow an attacker to go from authenticated user to LocalSystem privileges. An attacker can escalate their privileges on a system if they can control the SeImpersonatePrivilege token. An attacker would need to be executing code in the context of a Windows service to use this exploit. For a more detailed look at the issue, refer to the SRD blog found here.
This case presented some interesting challenges in preparing the update to address the issue. First, there are two updates included in this bulletin. The first update addresses service isolation, while the second addresses processes running as service accounts. In order to secure these items, we took the work we did in Windows Vista to provide additional service hardening and implemented it in older operating systems like Windows XP, and Windows Server 2003. These changes are low-level and deeply engrained in the OS. When making these types of changes, many of the applications that have been written in the 5 to 10 years since the OS was released could be impacted as we are changing infrastructure. Typically, we only change code to this degree in a service pack release to ensure it receives the proper level of testing.
However, given the security risk, and even though we provided workarounds, we wanted to secure customers automatically. So we made the changes, and then did extensive testing to ensure this update is high-quality and did not impact existing implementations. For this bulletin, we ran over 600,000 different test scenarios, with over 6,000 variations tested in one configuration alone. We also needed to ensure we were not breaking 3rd-party applications by introducing this change. As a result, 2,500 application compatibility tests were also run. In addition to this testing, we selected over 1,000 systems within Microsoft to test the update before we released, and some key customers signed NDAs to do even more testing in their lab environments to make sure we didn’t break Line-of-Business application scenarios. One thing we did notice is that some 3rd-party applications may need to be updated to receive the same security benefits provides by this update. To facilitate this, the update also provides an infrastructure to 3rd-parties to isolate and secure their services. In Windows XP and Windows Server 2003, all processes running under the context of a single account will have full control over each other. This update provides 3rd-parties the ability to isolate and secure their services that hold SYSTEM token and run under the NetworkService or LocalService accounts. For more information on the usage of this registry key, see Microsoft Knowledge Base Article 956572.
While this update took some time to complete, our hope is that the majority of customers are protected either through the guidance we released a year ago or the update we released today. It is never an easy process to bring infrastructure from a newer OS to an older OS, but we considered this an important enough issue to do so. As you would expect, it wasn’t always an easy road, so I would like to thank all of the folks internally and externally that helped bring this update to the worldwide community. Specifically, I’d like to thank the following people who were key contributors in bringing this update to the world:
- Cesar Cerrudo, Argeniss Information Security
- Bruce Dang, MSRC Engineering
- Nick Finco, MSRC Engineering
- Anoop KV, Windows Serviceability
- Vikas Mittal, Windows Serviceability
And special thanks go out to all of the many developers and testers who help made this release possible.
Thanks,
Dustin
MSRC
Links to related articles:
Service isolation explanation, SRD blog entry, Jonathan Ness, October, 2008
Token Kidnapping in Windows, Nazim’s IIS Security Blog, Nazim Lala, October, 2008
*Postings are provided "AS IS" with no warranties, and confers no rights.*
Hi Everyone,
Jerry Bryant again. Here is the overview video for the April 2009 bulletins. Please join us tomorrow at 11:00 am PDT (UTC –7) for our bulletin webcast where we will cover this months updates in more detail and try to answer all of your bulletin related questions.
| More viewing options: |
Thanks!
Jerry Bryant
*This posting is provided "AS IS" with no warranties, and confers no rights.*
We’ve seen some activity in the Conficker space in the past two days and this has caused some questions from customers. Specifically, there have been reports of two possible new variants of Conficker. Our colleagues over at the Microsoft Malware Protection Center (MMPC) have done a thorough analysis of both of these and have determined that there’s really only one new variant, which they’re calling Conficker.E. Most importantly, the signatures that protect against Conficker.A are also effective at protecting against Conficker.E. The other possible new variant is only a slightly modified version of Conficker.D and our Conficker.D signatures protect against it. Also, our virus encylopedia entry for Conficker.D has been updated to include information about this slightly modified version.
There’s more detailed information on Conficker.E on the MMPC blog and in the encyclopedia entry. But at a high level, this has similar propagation methods to Conficker.B (attempting to exploit MS08-067, attacking weak passwords on administrative shares and spreading via removable media like
The important thing is that our guidance for protecting yourself remains the same. If your systems and security software are fully updated, you don’t need to be concerned about Conficker.
As always, we’re continuing our work with the Conficker Working Group and will update you as we have new, important information.
Thanks.
Christopher
*This posting is provided "AS IS" with no warranties, and confers no rights*
Hello, Bill here.
I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release, scheduled for Tuesday, April 14, 2009 around 10 a.m. Pacific Daylight Time. This should help you plan for your deployment process for next week and address these vulnerabilities to protect your computing environments.
As part of this month’s security bulletin release process, we will issue eight security bulletins – five rated ‘Critical,’ two rated ‘Important,’ and one rated ‘Moderate.’ These bulletins address vulnerabilities in Microsoft Windows, Microsoft Excel, Internet Explorer, and Microsoft ISA Server. Depending on the bulletin, a restart may be required. The updates will be detectable using the Microsoft Baseline Security Analyzer.
As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.
We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the “Other Information” section of the Advanced Notification.
As always, we’ll be holding the April edition of the monthly security bulletin webcast on Wednesday, April 15, 2009 at 11 a.m., Pacific Daylight Time. We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand, as well at the same URL: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032395126&EventCategory=4&culture=en-US&CountryCode=US. Furthermore, we’ll also be posting the text of the questions and answers as well as a video synopsis on this page.
You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032395126&Culture=en-US
It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
*This posting is provided "AS IS" with no warranties, and confers no rights*
April 9 update: Changed "Pacific Standard Time" with "Pacific Daylight Time"
Microsoft Security Intelligence Report volume 6
Posted Wednesday, April 08, 2009 6:40 AM by MSRCTEAMHello, Bill here,
Today is the release of the Microsoft Security Intelligence Report volume 6. The report can be found here: http://www.microsoft.com/sir.
A section in the report is devoted to out-of-band (OOB) releases. So, I thought I would blog a bit about these types of releases in the broader context of update management.
Security update management is a security discipline in itself. It is a fundamental security pillar in the security protection landscape. It is comprised of risk assessment, deployment planning, and cost analysis to name a few. Efficiency and cost effective patch management relies heavily on predictability. Predictability is entirely dependent upon a software vendor’s release process. While this may be true, the threat landscape can change to the degree that predictability becomes a secondary consideration when it is outweighed by an imminent and potentially destructive threat. Understanding the nature of what drives the release of a security update is key to having a balanced patch management strategy.
Over the years Microsoft has been constantly striving to improve our release process to minimize the impact of security update deployment. In the early days, we would release updates at various times of the week and/or month without a predetermined schedule. It was probably easier to predict the weather in San Antonio Texas than it was to predict when an update would be released from Microsoft. Many years ago when in San Antonio, I remember temperatures of 40 degrees in the mornings and 80 degrees in the afternoons—in November.
In subsequent years we started to release updates on a more predictable schedule. And has matured to what we have today by releasing updates on the second Tuesday of each month.
Essentially, we established a significant measure of predictability. In spite of these improvements, it was predictably unpredictable when customers may be under imminent threat or active attack. Specifically, exploit code existing and being leveraged in the wild but no security update being available. Under such circumstances, we would have to expedite the release of a security update as soon as possible to protect customers from the immediate threat.
These types of releases are what we call out-of-band (OOB). In other words, updates were not released on the second Tuesday of the month; waiting for the scheduled release date would leave customers with limited recourse to protect them. To be sure, if Microsoft releases an OOB update, customers are at great risk of exploitation and should apply the update as soon as possible. As I noted earlier, predictability becomes a secondary consideration in light of an imminent or active threat.
What is also important to note is that OOB’s don’t really fit any type of pattern. In the last four years we have released eight OOB’s. So it’s reasonable to average this out to two OOB’s per year. But the numbers tell a different story in terms of distribution. There were two OOBs in the matter of several months in 2008. In contrast, 2004 yielded 3; 2005 yielded 0; 2006 yielded 2; and 2007 yielded 1. As you can see, the numbers are not necessarily a harbinger of things to come.
Here at Microsoft we are constantly focusing on improvements that we can make to lessen the impact of security update management. While Microsoft has refined processes that lend itself to a predicable release cycle, predictability becomes secondary to out-of- band releases if warranted to protect customers.
While not the focus of this blog post, there are other data that factor into a patch management strategy that falls under the rubric of vulnerability and exploit trends. This information as well as a closer analysis of OOB releases can be found in the newest version of the Microsoft Security Intelligence Report V6. The report can be found here: http://www.microsoft.com/sir.
Bill Sisk
*This posting is provided "AS IS" with no warranties, and confers no rights.*
Bill here,
I wanted to let you know that we have just posted Microsoft Security Advisory (969136).
This advisory contains information regarding public reports of a vulnerability in Microsoft Office PowerPoint that could allow for remote code execution if a user opens a specially crafted PowerPoint file.
At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, Microsoft Office PowerPoint 2003 Service Pack 3, and Microsoft Office 2004 for Mac. Microsoft Office PowerPoint 2007 is not affected.
The advisory contains guidance and workarounds that customers can use to help protect themselves. We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.
To better help in understanding the issue, Microsoft security experts have provided additional technical details on the Microsoft Security Research & Defense blog and the Microsoft Malware Protection Center team blog.
We have activated our Software Security Incident Response Process (SSIRP) and we are continuing to investigate this issue. In addition, we are actively working with partners in the Microsoft Active Protections Program (MAPP) and the Microsoft Security Response Alliance (MSRA) program to provide information that they can use to provide broader protections to customers.
Bill Sisk
*This posting is provided "AS IS" with no warranties, and confers no rights.*
April 3rd change: added Microsoft Office 2004 for Mac as affected product
We’ve gotten a number of questions from customers asking us if we’ve seen any new activity from the Conficker worm now that it’s April 1, 2009.
We and our partners in the Conficker Working Group have been watching closely and we’ve not seen any new malicious activity from Conficker. We haven’t seen any actions outside of what we expected. We have seen systems infected with Worm:Win32/Conficker.D starting to use the new domain generation algorithm. But we haven’t seen any new variants released or any new attacks levied as a result of this.
While there’s been a significant focus on the April 1 date, customers shouldn’t take it to mean that once April 1 has passed that all the risks around Conficker.D lessen or go away. Like I said on Friday, Conficker.D should remain a manageable cause for concern and it doesn’t go away after April 1. Just like it has on April 1, Conficker.D will continue trying to contact domains using this new algorithm on April 2, April 10, and beyond. This means that even though it hasn’t happened today, a new variant or a new attack could be levied in the future. And so, customers should keep focused and keep doing what they’ve been doing: focusing on ensuring your systems are updated with MS08-067, keeping your security software signatures updated, and cleaning any systems you identify that are infected with any version of Conficker. Remember that we have more information about Conficker for home users, and IT Pros. And the MMPC blog always has good information related to malware.
And of course, we and our partners in the Conficker Working Group will keep focused on our ongoing efforts to protect customers and provide you with updates about the situation as we have them.
Thanks.
Christopher
*This posting is provided "AS IS" with no warranties, and confers no rights.*
We’ve received a lot of questions from customers about April 1, 2009 and the latest Conficker variant discovered earlier this month, Worm:Win32/Conficker.D (also known as Conficker.C or Downadup.C by some other companies). I wanted to let you know that we’ve put some new information up about Conficker.D today from our work with our partners in the Conficker Working Group.
We hope this new information helps you better understand the current situation. While any malware attack is cause for concern, customers who continue to follow the guidance we’ve always given, such as: apply security updates, update security software signatures and clean infected systems, should look at the latest version of Conficker like other malware attacks: a manageable cause for concern.
Since we announced our work with the Conficker Working Group and the $250,000 reward, a new version of Conficker was released, Conficker.D. Systems infected with Conficker.D are systems that were once infected with Worm:Win32/Conficker.B. This new version, Conficker.D, does not spread by attacking new systems.
The April 1, 2009 date that has been talked about recently refers to the date when these systems infected with Conficker.D will start trying to contact domains on the Internet, presumably for new instructions. This is identical behavior to what these systems did when they were infected with Conficker.B. What’s different between Conficker.B and Conficker.D is that the domain generation algorithm that I talked about in my February 12, 2009 posting has been changed. The new algorithm generates a larger pool of possible domains than the original one. You can get more details on this over at the Microsoft Malware Protection Center (MMPC) weblog.
While Conficker.D will start trying to contact a new pool of possible domains on April 1, 2009, we at Microsoft and our colleagues in the Conficker Working Group will continue doing what we’ve been doing throughout: working together on a daily basis to share information and take coordinated actions to help disrupt Conficker. In fact, we’ve already been taking actions against Conficker.D like we have against Conficker.B.
Just like we’re staying constant and focused in our actions against Conficker, all of us encourage customers to stay constant and focused in their actions: ensure your systems are updated with MS08-067, keep your security software signatures updated, and clean any systems you identify that are infected with any version of Conficker.
My colleagues over in the Microsoft Malware Protection Center (MMPC) have more detailed information on Conficker.D on their weblog. Also, some of our partners in the Conficker Working Group have posted some information about Conficker.D and the importance of staying constant and focused in combating it. A sampling of some of the information our partners have posted includes:
· F-Secure
We’ll all be here working to protect customers from Conficker and other threats on April 1, 2009, just like we are today, and we will continue to be here after April 1, 2009. And of course, we’ll update our weblog as we have new information and our partners will do the same.
Thanks.
Christopher
*This posting is provided "AS IS" with no warranties, and confers no rights.*
Security Bulletin Webcast Questions and Answers - March 2009
Posted Monday, March 16, 2009 2:57 PM by MSRCTEAMHi,
During this month’s webcast we were able to address 18 questions in the time allotted. Most of the questions centered on the MS09-008, the DNS and WINS Server bulletin. We did address some additional questions regarding MS09-006, the Windows kernel bulletin, and the Malicious Software Removal Tool (MSRT).
Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:
http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-march-2009.aspx
Also, here is the link to the Q&A index page in case you want to view previous months:
http://blogs.technet.com/msrc/pages/microsoft-security-bulletin-webcast-q-a-index-page.aspx
As always, customers experiencing issues installing any of the updates this month should contact our Customer Service and Support group:
Customers in the U.S. and Canada can receive technical support from Microsoft Customer Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
Thanks!
Al Brown
*This posting is provided "AS IS" with no warranties, and confers no rights.*
Hi Bill here,
You may have seen reports regarding the effectiveness of Microsoft Security Bulletin MS09-008. I wanted to let everyone know that we have thoroughly reviewed these reports, and customers who’ve deployed this update are protected from the four vulnerabilities outlined in the bulletin.
We’ve also been collaborating with several researchers regarding the effectiveness of this update, as it is a complex issue, and have released more details about these vulnerabilities and how the Security Update addresses them.
For those that want more information, please review the Microsoft Security Research and Defense blog http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx where there’s detailed information that will help customers better understand how the security update protects systems, clarifies the content of the security update and hopefully answers any questions you may have. Again, I want to assure you that MS09-008 protects from potential attacks that could exploit the vulnerabilities outlined in the bulletin.
Please continue to evaluate and deploy this update at your earliest convenience to help protect your environment.
Thanks, Bill
Update: Blog Post updated to reflect the possiblity of potential attacks. We are currently not aware of any attacks.
Hey everyone,
Jerry Bryant here. I am back with the videos from yesterday’s security bulletin webcast. We got great responses to the overview video we posted on Tuesday. To compliment that, the videos below go in to more detail on each bulletin and the exploitability index. As always, please plan to attend our monthly security bulletin webcast live if you can as we staff those with subject matter experts to answer the questions you have about the bulletins we released.
In part 1, Adrian Stone and Steve Adegbite go in to details on the bulletins and the exploitability index:
| More viewing options: |
In part 2, Adrian and Steve address customer questions that were submitted during the webcast:
| More viewing options: |
Note, check back here tomorrow for the Q&A in text form.
Feel free to go to the TechNet Edge site and leave comments on these videos.
Thank you!
Jerry
*This posting is provided "AS IS" with no warranties, and confers no rights.*
Hi Everyone,
This month we are adding another new video feature. In addition to the entire security bulletin webcast recordings being posted for you to playback (available later this week), we are also providing a short, five to ten minute overview of the bulletins we have released. These clips will focus on the severity of the issue and the exploitability index ratings we have assigned them in order to help you get a quick understanding of the impact to your environment.
For the March 2009 security bulletin release, MSRC director Mike Reavey joined me to cover this overview:
For other viewing and listening options, please choose from the following:
- Windows Media Video (WMV)
- Windows Media Audio (WMA)
- iPod Video (MP4)
- MP3 Audio
- Streaming WMV (512kbps)
- High Quality WMV (2.5 Mbps)
- Zune Video (WMV)
If you have questions about these bulletins, please plan to join our webcast tomorrow at 11:00 AM Pacific Daylight Time (GMT -7), as Bill mentioned in an earlier post.
Thanks!
Jerry Bryant
*This posting is provided "AS IS" with no warranties, and confers no rights*
0 comentários:
Postar um comentário