Hey everyone, this is Adrian Stone from the MSRC and I wanted to take a moment to clarify some recent reports about a vulnerability that was not addressed in this month's MS06-035 security update. As soon as we heard about the posting, we initiated our Software Security Incident Response Process to investigate. We now have a good understanding of the issue and we are conducting a thorough investigation into this area of code to make sure we can deliver a security update that is complete and meets our quality bar. Here's what we've found so far:

* While this appears to have beeen found after the release of MS06-035, this does not affect the same code path or functionality or vulnerability that was addressed by the update.

* Unlike some of the current speculation that we have observed, the current PoC is limited to a denial of service that would cause the target host to blue screen. At this time we have not identified any possibilities with this issue that could allow remote code execution.

* We have not observed or received any reports of the PoC being used to actively attack systems.

Some reports have said that the workarounds we detailed in MS06-035 would apply to this issue and those are accurate. Specifically, blocking unsolicited in bound traffic and to block ports 135-139 and 445 from untrusted networks.

We in the MSRC are working in conjunction with our hard working partners looking at the issue to determine next steps. We will continue to monitor the situation and if need be we will update the Blog with any breaking news right here.

I hope this clears things up with some of the details regarding the PoC posting and its relation to MS06-035.

If you think you are being attacked or impacted by the DoS we definitely want to encourage you to contact Product Support Services. You can contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.

Thanks,

-Adrian

*This posting is provided "AS IS" with no warranties, and confers no rights.*