Summary of Microsoft’s Security Bulletin Release for November 2009 Today, we released six security bulletins addressing a total of 15 vulnerabilities. Four affect Windows and Windows Server and two affect Microsoft Office products (Excel and Word). As we do every month, we have prepared our Risk & Impact and our Deployment Priority guidance to help customers assess risk to their environments and prioritize the deployment of this month’s updates. Risk & Impact is a snapshot of the cumulative...

Advance Notification for the November 2009 Security Bulletin Release To help customers plan and prioritize for this month’s security updates, we wanted to let you know that we will be releasing 6 bulletins (three critical and three important) addressing 15 vulnerabilities, affecting Windows and Microsoft Office products. Customers should plan a restart for the Windows bulletins. The Office bulletins may not require a restart if the components being updated are not in use. More information about...

Today we released an update 976749 that addresses two issues with MS09-054 that a limited number customers reported to us through our Customer Service and Support (CSS) group. These two issues can affect the proper display of web pages. For additional details, please refer to Microsoft Knowledge Base article 976749 . Security update MS09-054 was released as part of the October Security Bulletin Release cycle and protects against the vulnerabilities outlined in the bulletin. Also, we’re not currently...

We just released Security Advisory 977981 concerning an issue affecting Internet Explorer 6 and Internet Explorer 7 that could lead to remote code execution. At this time, we are not aware of any active attacks seeking to use this vulnerability. Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out of band. I want to point out that Internet...

Today we released Security Advisory 977544 to provide information, including customer guidance, on a publicly reported Denial-of-Service (DoS) vulnerability affecting Server Messaging Block (SMB) Protocol. This vulnerability, in SMBv1 and SMBv2, affects Windows 7 and Windows Server 2008 R2. Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003 and Windows 2000 are not affected. I want to be clear that this is a DoS vulnerability that is unrelated to Microsoft Security Bulletin...

This Thursday, many people in the United States will celebrate Thanksgiving. As you probably all know, this is traditionally seen as a time to express gratitude. Well, yesterday, we updated our “ Security Researcher Acknowledgments for Microsoft Online Services ” page to publicly say “thank-you” to researchers that reported issues in our online services to us for the month of October. This page doesn’t get a whole lot of attention, at least not as much as our security bulletins, but a quick look...

Hello. This is Jerry Bryant letting you know that the questions and answers from our November Security Bulletin webcast have been posted and the video from the webcast is below. We did not get very many questions this month and the ones we did get covered various topics and were not focused in one particular area. One very good question we received had to do with the Microsoft Word bulletin, MS09-068 . The user asked if an attack could execute via the Outlook 2007 preview function. This function...