April, 2009

  • Changes in Windows to Meet Changes in Threat Landscape

    Customers have heard us say over the years that the threat environment is an ever-evolving one. That means that one of our jobs in working to keep customers safe is to continually monitor the threat environment and make changes to adapt to it. Today, we’re announcing modifications in Windows that adapts to recent changes in the threat environment. Specifically, we’re announcing changes to the behavior in AutoPlay so that it will no longer enable an AutoRun task for devices that are not removable...
  • Token Kidnapping

    Hello everyone, As you can see from the April 2009 release summary, we addressed the Token Kidnapping issue with bulletin MS09-012 . This issue allowed an attacker to gain full control of a server if the attacker can first run malicious code on the server as a lesser privileged user. This issue was originally presented by Cesar Cerrudo in March of 2008 at Hack in the Box (Dubai) 2008 . In April of 2008, we released an advisory to inform customers of actions they could take to protect...
  • Conficker.E

    We’ve seen some activity in the Conficker space in the past two days and this has caused some questions from customers. Specifically, there have been reports of two possible new variants of Conficker . Our colleagues over at the Microsoft Malware Protection Center (MMPC) have done a thorough analysis of both of these and have determined that there’s really only one new variant, which they’re calling Conficker.E . Most importantly, the signatures that protect against Conficker.A are also effective...
  • April 2009 Monthly Bulletin Release

    April is here and is turning out to be a typical, busy month, if one can call it that. In general, when we have a large release, the number of updates ranges from 7-12. With this in mind, we released eight security updates this month: 5 rated as Critical, 2 rated as Important, and one rated as Moderate. MS09-009 This bulletin addresses two remote code execution vulnerabilities in Microsoft Excel. An attacker could exploit the vulnerability by sending a user a malformed Microsoft Excel...
  • Microsoft Security Advisory 969136

    Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (969136) . This advisory contains information regarding public reports of a vulnerability in Microsoft Office PowerPoint that could allow for remote code execution if a user opens a specially crafted PowerPoint file. At this time, we are aware only of limited and targe ted attacks that attempt to use this vulnerability. If you suspect that you were target for such an attack, you can scan your...
  • April 2009 Advanced Notification

    Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release, scheduled for Tuesday, April 14, 2009 around 10 a.m. Pacific Daylight Time. This should help you plan for your deployment process for next week and address these vulnerabilities to protect your computing environments. As part of this month’s security bulletin release process, we will issue eight security bulletins – five rated ‘Critical,’ two rated ‘Important,’ and one rated...
  • Microsoft Security Intelligence Report volume 6

    Hello, Bill here, Today is the release of the Microsoft Security Intelligence Report volume 6. The report can be found here: http://www.microsoft.com/sir . A section in the report is devoted to out-of-band (OOB) releases. So, I thought I would blog a bit about these types of releases in the broader context of update management. Security update management is a security discipline in itself. It is a fundamental security pillar in the security protection landscape. It is comprised...
  • Security Bulletin Overview Video – April 2009

    Hi Everyone, Jerry Bryant again. Here is the overview video for the April 2009 bulletins. Please join us tomorrow at 11:00 am PDT (UTC –7) for our bulletin webcast where we will cover this months updates in more detail and try to answer all of your bulletin related questions. More viewing options: Windows Media Video (WMV) Windows Media Audio (WMA) Large Preview Image (PNG) Small Preview Image (PNG) iPod Video (MP4) MP3 Audio Streaming WMV (512kbps) High Quality WMV (2.5 Mbps) Zune Video (WMV) Thanks...
  • April 2009 Security Bulletin Webcast Video

    Hello again, This is Jerry Bryant letting you know that we have published the security bulletin webcast video. As you know, on Tuesday, we published a quick overview of the 8 bulletins we released on that day. Yesterday we conducted a live, public webcast, where we went in to more detail on each bulletin. The recording from that webcast is embedded below. Usually we include the questions and answers portion along with this but this month we will point you to the transcript which should be published...
  • Monthly Security Bulletin Webcast Q&A - April 2009

    Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Program Manager Website: TechNet/security Chat Topic: April 2009 Security Bulletin Date: Wednesday, April 15, 2009 Q: I understand that Windows Server Update Service (WSUS) v2.0 Service Pack 1 lifecycle support ends April 2009. My question is, will WSUS v2.0 Service Pack 1 continue to be a working tool beyond this month? A: We plan to make most new updates, including the latest version of Windows...