January, 2009

  • January 2009 Monthly Bulletin Release

    Happy New Year to everyone. As Bill noted in his posting on Thursday , we are releasing one new bulletin today, MS09-001 . This bulletin is rated as ‘Critical’ for Windows 2000, Windows XP and Windows Server 2003 and is rated as ‘Moderate’ for Windows Vista and Windows Server 2008. My colleague Mark Wodrich has put together a posting over at the Security Vulnerability Research and Defense (SVRD) weblog which explains more about the vulnerability and the Exploitability Index rating. Also, as...
  • January 22, 2009: MS08-067 Conficker Worm Update

    Hi, Bill here, In response to continued customer questions on how to protect and defend themselves against the Conficker Worm, I wanted to let you know the Microsoft Malware Protection Center has published a Threat Research and Response Blog that centralizes Microsoft’s guidance. This will help you understand the nature of the threat and enable you to formulate a defense in depth strategy based on the aspects of your unique environment s . The blog is posted here . We continue to encourage...
  • January 2009 Advanced Notification

    Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Jan. 13, 2009 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change. As part of our regularly scheduled bulletin release, we’re currently planning to release one security bulletin: ...
  • Security Bulletin Webcast Questions and Answers - January 2009

    Hi, During this month’s webcast we were able to address 21 questions in the time allotted. We addressed several questions regarding MS09-001 and its relationship to previously released SMB bulletins. There were also questions regarding update deployment and attack vectors addressed. The remaining questions primarily concerned the Malicious Software Removal Tool (MSRT) update regarding the W32/Conficker worm. Here is the link to the full Q&A so you can see all of the answers that were...
  • Monthly Security Bulletin Webcast Q&A - January 2009

    Register now for the January 2009 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: January 2009 Security Bulletin Date: Wednesday, January 14, 2009 Q: So just to clarify there is no known code in the wild and if there was to be how would it get injected into the environment? A: Exploitation of this issue...
  • Security Bulletin Webcast Q&A - OOB December 2008

    Register now for the January 2009 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Mike Reavey, Group Program Manager (MSRC) Website: TechNet/security Chat Topic: Microsoft out-of-band Security Bulletin (MS08-067) TechNet Webcast Date: Wednesday, December 17, 2008 and Thursday, December 18, 2008 Note: The below questions were submitted from webcast attendees and are not necessarily in the order...
  • Monthly Security Bulletin Webcast Q&A - December 2008

    Register now for the January 2009 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: December 2008 Security Bulletin Date: Wednesday, December 10, 2008 Q: SANS reported a 0 day not patched in MS08-073 ; can we anticipate another “out of band” patch if and when Microsoft confirms the vulnerability? A...