April, 2007

  • Friday update on Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. We’ve not seen any new developments in the DNS situation but I wanted to go ahead and take a minute to recap the current situation so everyone is up-to-date. Also, I wanted to call out some information for your deployment planning to help expedite the deployment of the security update for this issue when we release it. Recap of Current Situation With the ongoing development and testing work from our teams on the issue, we are increasingly...
  • SDL Lessons learned from MS07-017

    Hi everyone this is Adrian Stone. One question that I still get regularly on the .ANI case that was part of the MS07-017 bulletin by many people outside of Microsoft is “After all the work Microsoft did leveraging the Security Development Lifecycle, why didn’t it help catch this vulnerability in Windows Vista?” Honestly, that is a fair question and one I asked myself during the investigation, as I was the program manager responsible for the case. I decided to walk down the hall from my office...
  • Sunday update on Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. I wanted to take a moment and provide a brief update on the situation from our work over the weekend. As of tonight, the situation remains unchanged. Our teams are continuing to work on developing and testing updates for this issue, and our ongoing monitoring of the situation shows that attacks are still not widespread. We don’t have any new estimates on release timelines. I can say that our ongoing testing so far has not raised any issues that would...
  • New KB article to help deploy DNS remote RPC block workaround throughout enterprise

    Hi everyone. Jonathan from the SWI team here. Christopher asked me to write a guest blog entry introducing and providing some background on a new KB article that we published a few minutes ago. We have seen lots of activity in the security community about the registry key workaround we published in Security Advisory 935964. As a reminder, the DNS service listens on RPC over TCP, RPC over named pipes, and LPC. The workaround changes this behavior to listen on LPC only to block any possibility of...
  • Update and Clarifications in Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. I wanted to let you know that we’ve made a revision to our security advisory to provide some additional details and clarifications. First, though, I wanted to let you know that the situation has not changed. Our teams are continuing to work on developing and testing updates for this issue, and our ongoing monitoring of the situation shows that attacks are still not widespread. Currently, we are aware of four pieces of malicious software attempting...
  • MSRC Blog Updates

    Hi Everyone, This is Mark Miller. For those who may not know, I’ve been the Director of Security Response Communications since October of last year. I wanted to let you all know that we have implemented a new Windows Live Alert for postings to this blog. These alerts are delivered to your email inbox, SMS and/or instant messaging and will let you know that we’ve posted something here. Given the importance of these communications, we wanted to make sure to give you as many different ways of...
  • New updates for Microsoft Knowledge Base Article 925902

    Hello, This is Christopher Budd. I wanted to let you know about two updates we’ve made as part of our regular process to Knowledge Base article 925902 . These discuss new known issues a small number of customers have encountered with MS07-017 . First, we’ve added BMC PATROL 7.1 (now called Performance Manager, by BMC Software, Inc) to the list of applications affected by the issue discussed in Knowledge Base article 935448 . The hotfix that is available addresses the issues in this application...
  • Update on Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. I wanted to give you the latest information from our monitoring of the new attack we mentioned yesterday . I also wanted to address questions we’ve gotten from customers about when we think we’ll have updates ready to address this issue. We have been monitoring the situation overnight and working with our Microsoft Security Response Alliance (MSRA) partners and attacks are still not widespread. As part of our Software Security Incident Response Process...
  • Monday update on Microsoft Security Advisory 935964

    Hello everyone, this is Christopher Budd. I wanted very quickly to update you with some new, important, information that we have on this situation. Our ongoing monitoring in conjunction with our MSRA partners indicates that we are seeing a new attack that is attempting to exploit this vulnerability. At this time, the attack does not appear widespread. As part of our Software Security Incident Response Process (SSIRP) , we continue to work through a variety of channels to encourage customers...
  • Situation update on Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. I wanted to give you a brief update with the latest information on the situation from our ongoing work over the weekend. Our teams are continuing their work to develop a security update to address this issue. Our ongoing monitoring of attacks in conjunction with our MSRA partners indicates that attacks are still limited. We are aware though of public disclosure of proof of concept code to exploit the vulnerability. We continue to urge customers to deploy...