Hi Everyone, This is Alan Wallace, senior communications manager for our security response communications team. Today, Microsoft released Security Advisory 975191 , to provide customer guidance and protection from a vulnerability that could allow remote code execution on affected systems running the FTP service in Microsoft Internet Information Services (IIS) 5.0, 5.1 and 6.0, and connected to the Internet. While we have seen detailed exploit code published on the Internet for this vulnerability...

Advance Notification for the September 2009 Security Bulletin Release This month we will be releasing 5 security bulletins, all affecting Windows, and all with an aggregate severity rating of critical. As always, the target for release is the second Tuesday of the month at 10:00 a.m. PDT (UTC -8). Please check back here at that time as we will be posting our risk and impact assessment, a new deployment prioritization table and an overview video. Also, we encourage you to join us live on Wednesday...

Hi Everyone, Today we updated Security Advisory 975191 as we are now seeing limited attacks. Additionally, a new proof of concept published allowing for Denial of Service (DoS) attacks on Windows XP and Windows Server 2003 with read access to the File Transfer Protocol (FTP) service. This does not require Write access. Also, a new POC allowing DoS was disclosed this afternoon that affects the version of FTP 6 which shipped with Windows Vista and Windows Server 2008. Customers should be aware that...

Summary of Microsoft’s Security Bulletin Release for September 2009 Hello again, This month we released five critical bulletins to address vulnerabilities in Windows and protect customers from two types of threats: 1. Browser based attacks where websites hosting malicious code attempt to compromise visitors. This includes MS09-045 , MS09-046 and MS09-047 . 2. Network based scenarios where attackers attempt Remote Code Execution (RCE) or Denial-of-Service (DoS) type attacks. This includes MS09-048...

We’ve just released Microsoft released Security Advisory 975497 that provides information about a new, irresponsibly reported vulnerability in SMB 2.0. Our investigation has shown that Windows Vista, Windows Server 2008 and Windows 7 RC are affected by this vulnerability. Windows 7 RTM, Windows Server 2008 R2, Windows XP and Windows 2000 are not affected by this vulnerability. The Security Advisory outlines steps that Windows Vista and Windows Server 2008 customers can take to help protect themselves...

In the September 2009 security bulletin webcast, it was clear that customers had a lot of concerns about MS09-048 as almost half the questions we answered were on that topic. The questions and answers from the session are now posted here on the blog . As we mentioned in the webcast, The MS09-048 bulletin has been updated to call out Windows XP in the affected products list with a severity rating of low for the two Denial-of-Service vulnerabilities (the third, Remote Code Execution vulnerability,...