October, 2008

  • October 2008 Advanced Notification

    Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Oct. 14, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of our regularly scheduled bulletin release, we’re currently planning to release: · Four Microsoft Security...
  • Update 1: Microsoft Security Advisory 951306

    Hello, Bill here, I wanted to let you know that we have just updated Microsoft Security Advisory (951306) . Exploit code has been published on the Internet for the vulnerability addressed by this Advisory. Our investigation has shown that it does not affect customers who have applied the workarounds listed in the Advisory. At this time, we are not aware of attacks attempting to use the vulnerability. We will continue to monitor the situation and post updates to the Advisory and the MSRC...
  • Microsoft Security E-mail Spoofs with Malware

    Hi t his is Christopher Budd, We received some questions from customers about an e-mail that’s circulating that claims to be a security e-mail from Microsoft. The e-mail comes with an attached executable, which it claims is the latest security update, and encourages the recipient to run the attached executable so they can be safe. While malicious e-mails posing as Microsoft security notifications with attached malware aren’t new (we’ve seen this problem for several years) this particular...
  • Questions about Microsoft Security Advisory 951306

    I’m Dustin, a Security Program Manager in the Microsoft Security Response Center (MSRC). We have received a few questions regarding a public issue and we wanted to update you on the status of how we plan to address it. The issue revolves around Security Advisory 951306 . We originally posted this advisory in March as a result of an issues discussed publicly that described a method of using system tokens to elevate privileges on Windows XP and 2003 systems. As always, we began our investigation...
  • October 2008 Monthly Bulletin Release

    Hello Everyone! This is Steve Adegbite. I am new to the MSRC Crew. I work with Simon and Tami to help manage Microsoft’s security update releases. I also help with Microsoft’s Partner outreach effort and the Microsoft Active Protections Program (MAPP). So from time to time you will be hearing from me. For my first post, I want to go ahead and let you know about today’s update release. I also want let you know of the launch of the Microsoft Active Protections Program (MAPP) and Exploitability...
  • Security Bulletin Webcast Questions and Answers - October 2008

    Hi, During this month’s webcast we were able to address 18 questions in the time allotted. The questions were spread fairly evenly across all bulletins, as well as the Exploitability Index that was released for the first time with this Bulletin Release Cycle. Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions: http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-October-2008.aspx Also, here...
  • Monthly Security Bulletin Webcast Q&A – October, 2008

    Register now for the Novemberr 2008 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: October 2008 Security Bulletin Date: Wednesday, October 15, 2008 Q: What is the difference between Microsoft Update and Windows Update as patch mechanisms? A: Windows Update only provides detection and deployment support...
  • Advance Notification for Out-of-Band Release

    Hello this is Christopher Budd, I wanted to let you know that we’ve just posted an Advance Notification for an out-of-band bulletin release. We plan to release one Windows security bulletin with a maximum severity of Critical; scheduled for a target time of 10:00 a.m. PT on Thursday Oct. 23, 2008. A restart will be required. We have scheduled a special webcast to cover this release. This will also be on Thursday at 1 p.m. PT. You can register for it here . Thanks Christopher *This...
  • MS08-067 Released

    Hi, This is Christopher Budd. Following up on my post from last night, I wanted to let you know that we’ve released MS08-067 today. This security update resolves a vulnerability in the Server service that affects all currently supported versions of Windows. Windows XP and older versions are rated as “Critical” while Windows Vista and newer versions are rated as “Important”. Because the vulnerability is potentially wormable on those older versions of Windows, we’re encouraging customers to test...
  • Additional Microsoft Security Bulletin Webcasts and Information Available for MS08-067

    Hi All, Mike Reavey, here. Just wanted to let you know that based on customer feedback, w e have set up two additional Security Bulletin Webcasts related to this o ut - of -b and release. Details are below: · For the Thursday , 10/23/08 , 5:00 PM Webcast , c ustomers can register at: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032394183&Culture=en-US · For the Friday , 10/24/08 , 11:00 AM Webcast , c ustomers can register at: http://msevents.microsoft.com/CUI...