Hi, Bill here,

In response to continued customer questions on how to protect and defend themselves against the Conficker Worm, I wanted to let you know the Microsoft Malware Protection Center has published a Threat Research and Response Blog that centralizes Microsoft’s guidance.  This will help you understand the nature of the threat and enable you to formulate a defense in depth strategy based on the aspects of your unique environments. The blog is posted here.

We continue to encourage customers to deploy the Security Update for Microsoft Security Bulletin MS08-067 update as soon as possible as well as implementing a defense in depth approach based on in the information provided in the Microsoft Malware Protection Center Blog.

We will continue to monitor the situation via our ongoing Software Security Incident Response Process (SSIRP) and are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs.

Thanks,

Bill

*This posting is provided "AS IS" with no warranties, and confers no rights*

Hi,

During this month’s webcast we were able to address 21 questions in the time allotted. We addressed several questions regarding MS09-001 and its relationship to previously released SMB bulletins. There were also questions regarding update deployment and attack vectors addressed. The remaining questions primarily concerned the Malicious Software Removal Tool (MSRT) update regarding the W32/Conficker worm.

Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:

http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-January-2009.aspx

Also, here is the link to the Q&A index page in case you want to view previous months:

http://blogs.technet.com/msrc/pages/microsoft-security-bulletin-webcast-q-a-index-page.aspx

As always, customers experiencing issues installing any of the updates this month should contact our Customer Service and Support group:

Customers in the U.S. and Canada can receive technical support from Microsoft Customer Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Thanks!

Al Brown

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Happy New Year to everyone.

As Bill noted in his posting on Thursday, we are releasing one new bulletin today, MS09-001. This bulletin is rated as ‘Critical’ for Windows 2000, Windows XP and Windows Server 2003 and is rated as ‘Moderate’ for Windows Vista and Windows Server 2008. My colleague Mark Wodrich has put together a posting over at the Security Vulnerability Research and Defense (SVRD) weblog which explains more about the vulnerability and the Exploitability Index rating.

Also, as we do every month, we’ve released an updated version of our Malicious Software Removal Tool (MSRT). This month’s release adds the ability to remove the Win32/Conficker and Win32/Banload families of malware. Impacted customers will be interested in the addition of Win32/Conficker.B; which has had a significant and sudden impact on some customers. While we’ve had protections for Win32/Conficker.B; since Dec 29, 2008 in Microsoft Forefront, Windows Live OneCare, and Windows Live OneCare safety scanner, we’re also adding it to the MSRT to help impacted customers with remediation. My colleagues over in the Microsoft Malware Protection Center (MMPC) have more details about this on their weblog.

We know that there might be some questions about the beta version of Windows 7 and today’s bulletin. Windows 7 is affected only by the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) and, like Windows Vista and Windows Server 2008, would be rated as Moderate because the vulnerability would require authentication for any attack to succeed.. We provide security updates for beta versions of Windows through Windows Update for Critical issues only. So the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) will be addressed in the next public release for Windows 7.

Finally, as we do each month we’ll be hosting our TechNet Security Bulletin webcast tomorrow, Jan. 14, 2009 at 11 a.m. Pacific time where we’ll review the bulletins and answer your questions live. If you can’t join us live, you can also watch the webcast on demand afterward. You can register for the webcast (either live or on demand) here.

Thanks,

Christopher

*This posting is provided "AS IS" with no warranties, and confers no rights*

Hello, Bill here.

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Jan. 13, 2009 around 10 a.m. Pacific Standard Time.

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release one security bulletin:

·        One Microsoft Security Bulletin rated as Critical. The update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

As always, we’ll be holding the January edition of the monthly security bulletin webcast on Wednesday, Jan. 14, 2009 at 11 a.m., Pacific Standard Time.  We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well at the same URL. In addition, we’ll also be posting the text of the questions and answers from each month’s webcast. You can see a full listing of the posted questions and answers on this page.

You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032395120&Culture=en-US