The official corporate security response blog

  • MSRC

    Announcing the Microsoft Security Vulnerability Research and Defense Blog

    Hi everyone.  This is Jonathan from the SWI team.  My co-workers and I have posted technical vulnerability information a few times here on the MSRC blog.  We'll continue to contribute to the MSRC blog with technical clarifications but the bulk of our vulnerability research and defense information will be posted on a new SWI blog.  We’re going to use the new blog to go deep into the technical guts of vulnerabilities, workarounds, and mitigations without disclosing too much information.  We’ll also post notes from our research that we expect will be interesting to IT professionals and security researchers.  Check out the new blog at http://blogs.technet.com/swi

     

    *This posting is provided "AS IS" with no warranties, and confers no rights.*

  • MSRC

    MS07-069 Cumulative Security Update for Internet Explorer - Post Install Issue - Automated Work-Around

    Hi, this is Kieron, the MSRC Program Manager responsible for Internet Explorer.

    On Tuesday we released Knowledge Base article KB946627, which highlighted a known issue with Internet Explorer 6 on Windows XP Service Pack 2 after applying MS07-069 Cumulative Security Update for Internet Explorer (942615). The article documented a workaround, which required a registry setting change.

    Since then, the Internet Explorer team has been working to release an automated workaround application of the registry setting discussed in KB946627.

    We have updated Knowledge Base article KB946627 so that it points to the automated workaround. It has also been made available via Windows Update and Automatic Update for all Internet Explorer 6 customers on Windows XP Service Pack 2.

    Customers who are affected by the known issue after installing MS07-069 Cumulative Security Update for Internet Explorer (942615) should apply 946627 or run Windows Update.

    Kieron Shorrock

    *This posting is provided "AS IS" with no warranties, and confers no rights.*

  • MSRC

    MS07-069 Cumulative Security Update for Internet Explorer - Post Install Issue

    Hi, this is Kieron, the MSRC Program Manager responsible for Internet Explorer.

     

    We have been investigating public reports of possible problems on systems that have installed the Cumulative Security Update for Internet Explorer (942615), released earlier this month.  We have some information to share with you regarding the results of our investigation into these reports.

     

    First, I want to note the security update does protect against the vulnerabilities noted in the bulletin. If you are not experiencing issues noted in the below referenced Knowledge Base article, no action is needed.

     

    We have been working with a small number of customers that reported issues related to the installation of MS07-069. Specifically, on a Windows XP Service Pack 2 (SP2)-based computer, Internet Explorer 6 may stop responding when you try to visit a web site.

     

    We’ve made an update to the Knowledge Base article for MS07-069, KB942615, which highlights the known issue.

     

    We have also added the following known issue Knowledge Base article KB946627. Because this occurs in a customized installation, this isn’t a widespread issue.

     

    Customers who believe they are affected can contact Customer Support Services at no charge using the PC Safety line at 1-866-PCSAFETY (North America). All customers, including those outside the U.S., can visit http://support.microsoft.com/security for assistance.

     

    Thanks,

     

    Kieron Shorrock

     

    *This posting is provided "AS IS" with no warranties, and confers no rights.*

     

  • MSRC

    MS07-069 Cumulative Security Update for Internet Explorer - Bulletin Webpage Upload Times

    Hi, this is Kieron, the MSRC Program Manager responsible for Internet Explorer.

     

    On Tuesday we released MS07-069 Cumulative Security Update for Internet Explorer. Since then, we have had reports from some customers experiencing difficulties loading the Bulletin webpage. We have received reports that pages are slow to load, not found or timing out. Please be assured that this does not affect the installation or downloading of the actual package. The issue only affects the web page displaying the bulletin details.

     

    Background on the issue

     

    The reason customers are only experiencing these issues with the IE bulletin is due to the amount of detail in the bulletin text. Over time, the File Information section has grown. Given all Internet Explorer security updates are cumulative, the File Information section has grown with each release. We do this so customers only need to install the latest Internet Explorer security update to be protected.

     

    We are now at a point where the page related to the bulletin text is taking too long to load, resulting in the issues customers have been reporting to us. We have therefore decided to move the File Information details into the Knowledge Base article associated with the bulletin. We have only made the change to MS07-069 Cumulative Security Update for Internet Explorer Bulletin. This will reduce the size of the page allowing it to load faster and more reliably. We had planned to move the File Information details into the Knowledge Base early next year, but because customers are affected today, we decided to make the changes sooner.

     

    What does this mean?

     

     

    We will be listening closely to customer feedback on the changes I have made to MS07-069 Cumulative Security Update for Internet Explorer. If these changes are successful, we will look at implementing this into all future security updates.

     

    Thanks,

     

    Kieron Shorrock

     

    *This posting is provided "AS IS" with no warranties, and confers no rights.* 

     

  • MSRC

    December 2007 Monthly Release

    Hi Everyone,

     

    This is Tami Gallupe, MSRC release manager, and I just wanted to let you know that we’ve posted our bulletins for December 2007. We released seven bulletins today: three have a maximum severity of Critical, and four have a maximum severity of Important.  Here is a snapshot of what we released and you can find more information at the Security Bulletin Summary for December 2007.

     

    MS07-063: This update addresses a vulnerability in SMBv2 that could allow remote code execution, and has a maximum severity of Important.

     

    MS07-064: This update addresses two vulnerabilities in Microsoft DirectX that could allow code execution, and has a maximum severity of Critical.

     

    MS07-065: This update addresses a vulnerability in Message Queuing that could allow remote code execution, and has a maximum severity of Important.

     

    MS07-066: This update addresses a vulnerability in Windows Kernel that could allow elevation of privilege, and has a maximum severity of Important.

     

    MS07-067: This update addresses a vulnerability in Macrovision Driver that could allow local elevation of privilege, and has a maximum severity of Important.

     

    MS07-068: This update addresses a vulnerability in Windows Media File Format that could allow remote code execution, and has a maximum severity of Critical.

     

    MS07-069: This is a cumulative security update for Internet Explorer and the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. This bulletin has a maximum severity of Critical.

     

    Additionally, we released the regularly scheduled Microsoft Windows Malicious Software Removal Tool. You can find more information about this tool at www.microsoft.com/malwareremove.

     

    And last but not least, I would like to invite you to join us tomorrow for our final MSRC webcast of 2007. It will begin at 11:00 AM, PST, and we’ll be providing a technical overview of each bulletin, as well as answering related questions you may have about this release. Click here to register.  We look forward to hearing from you then!

     

    Happy holidays!

    Tami

     

    Update:  Tami here, I wanted to let you know that there’s a small delay in the posting of the wsusscan cab that is used so that SMS ITMU can deploy these updates. All other deployment mechanisms are already available.  We expect to see wsusscan cab become available later this afternoon and we will let you know when it is published.

     

    Update 2: The latest wsusscan cab has now been posted.

     

     

    *This posting is provided "AS IS" with no warranties, and confers no rights.*

  • MSRC

    December 2007 Advance Notification

    Hello,

    I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, December 11, 2007 at or around 10 a.m. Pacific Time.

    It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

    As part of our regularly scheduled bulletin release, we’re currently planning to release:

     

    · Six Microsoft Security Bulletins affecting Microsoft Windows with a Maximum Severity rating of Critical. Some of these updates will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

    · One Microsoft Security Bulletin affecting Internet Explorer with a Maximum Severity rating of Critical. This update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

     

    As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

     

    Finally, we are planning to release six high-priority, non-security updates on Microsoft Update and one high-priority, non-security update on Windows Update.

     

    As always, we’ll be holding the December edition of the monthly security bulletin webcast on Wednesday, December 12, 2007 at 11 a.m., Pacific Standard Time.  We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well.

    You can register for the webcast here:

     

    http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032344696&Culture=en-US

     

    Thanks,

    Bill Sisk

    *This posting is provided "AS IS" with no warranties, and confers no rights.*

     

  • MSRC

    MSRC Blog: Security Advisory 945713

    Hello.  My name is Tim Rains and I work on the Security Response Communications Team at Microsoft.  My team works to provide communications around security response to our customers through the MSRC Blog and other types of communications vehicles.

    I want to let you know that we have just posted Microsoft Security Advisory 945713, which provides information about a vulnerability in the way Microsoft Windows XP SP2, Windows Server 2003 SP1, Windows Server 2003 SP2 and Windows Vista find a Web Proxy Automatic Discovery (WPAD) server.  This vulnerability also affects supported versions of Internet Explorer.

    At this time, we are not aware of attacks attempting to use the reported vulnerability, but we will continue to track this issue.  The advisory contains several mitigations that customers can use to help protect themselves from attackers.

    We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.

    Thanks.

    Tim

    *This posting is provided "AS IS" with no warranties, and confers no rights.* 

     
