April, 2007

  • Latest on security update for Microsoft Security Advisory 935423

    Hello everyone, this is Christopher Budd. We have some new information tonight on the status of the security update that we’re working on that addresses the vulnerability in Windows Animated Cursor Handling. From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been...
  • An inside look into building and releasing MS07-017

    Hey Folks – this is Mike Reavey. We’re all glad that MS07-017 – the Security Bulletin that fixes the vulnerability in Animated Cursor Handling (CVE-2007-1215) – has been released, helping to block attacks on that vulnerability. While we released it within 5 days of being notified of attacks, we have received questions from customers about why it took us 3 months to develop and release the fix for this vulnerability. I wanted to provide some insight into the history of this vulnerability, and while...
  • New updates for Microsoft Knowledge Base Article 925902

    Hello, This is Christopher Budd. I wanted to let you know about two updates we’ve made as part of our regular process to Knowledge Base article 925902 . These discuss new known issues a small number of customers have encountered with MS07-017 . First, we’ve added BMC PATROL 7.1 (now called Performance Manager, by BMC Software, Inc) to the list of applications affected by the issue discussed in Knowledge Base article 935448 . The hotfix that is available addresses the issues in this application...
  • Microsoft Security Advisory 935964 Posted

    Hey everyone this is Adrian Stone, I wanted to let people know that we have just posted Microsoft Security Advisory (935964) . This advisory talks about a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service. Our investigation has shown that this affects Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Microsoft 2003 Service Pack 2. Because this is a server service, Windows 2000 Professional Service Pack 4, Windows XP Service Pack...
  • Update on Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. I wanted to give you the latest information from our monitoring of the new attack we mentioned yesterday . I also wanted to address questions we’ve gotten from customers about when we think we’ll have updates ready to address this issue. We have been monitoring the situation overnight and working with our Microsoft Security Response Alliance (MSRA) partners and attacks are still not widespread. As part of our Software Security Incident Response Process...
  • Microsoft Knowledge Base Article 925902 Updated

    Hello this is Christopher Budd. Since MS07-017 was released out-of-band on Tuesday to protect customers from attacks exploiting the Windows Animated Cursor Handling vulnerability, we wanted to provide additional information regarding an update to the known issue Knowledge Base article with information that may impact customers. As I noted on Tuesday , our regular process is to document known issues in the Master Knowledge Base article referenced in the “Caveats” section of the security bulletin...
  • Friday update on Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. We’ve not seen any new developments in the DNS situation but I wanted to go ahead and take a minute to recap the current situation so everyone is up-to-date. Also, I wanted to call out some information for your deployment planning to help expedite the deployment of the security update for this issue when we release it. Recap of Current Situation With the ongoing development and testing work from our teams on the issue, we are increasingly...
  • Situation update on Microsoft Security Advisory 935964

    Hello everyone, This is Christopher Budd. I wanted to give you a brief update with the latest information on the situation from our ongoing work over the weekend. Our teams are continuing their work to develop a security update to address this issue. Our ongoing monitoring of attacks in conjunction with our MSRA partners indicates that attacks are still limited. We are aware though of public disclosure of proof of concept code to exploit the vulnerability. We continue to urge customers to deploy...
  • Monday update on Microsoft Security Advisory 935964

    Hello everyone, this is Christopher Budd. I wanted very quickly to update you with some new, important, information that we have on this situation. Our ongoing monitoring in conjunction with our MSRA partners indicates that we are seeing a new attack that is attempting to exploit this vulnerability. At this time, the attack does not appear widespread. As part of our Software Security Incident Response Process (SSIRP) , we continue to work through a variety of channels to encourage customers...
  • New KB article to help deploy DNS remote RPC block workaround throughout enterprise

    Hi everyone. Jonathan from the SWI team here. Christopher asked me to write a guest blog entry introducing and providing some background on a new KB article that we published a few minutes ago. We have seen lots of activity in the security community about the registry key workaround we published in Security Advisory 935964. As a reminder, the DNS service listens on RPC over TCP, RPC over named pipes, and LPC. The workaround changes this behavior to listen on LPC only to block any possibility of...