January, 2010

  • January 2010 Out-of-Band Security Bulletin Webcast

    Hello everyone. Yesterday Adrian Stone from the Microsoft Security Response Center (MSRC) and I hosted a live webcast to discuss Security Bulletin MS10-002 and Security Advisory 979682 in more detail with customers. Below is the video of that presentation and you can find the question & answer transcript here. We spent over an hour answering customer questions during the webcast. They were all good. Below the video, I am including a set of links to resources we referred to during the presentation...
  • Out-of-Band Security Bulletin Webcast Q&A - January 21, 2010

    Hosts: Adrian Stone, Senior Security Program Manager Lead; Jerry Bryant, Senior Security Communications Manager Lead. Website: TechNet/security. Chat Topic: January 2010 Out-of-Band Security Bulletin. Date: Thursday, January 21, 2010. Q: I understand the severity for workstations. Is the severity lower for servers in terms of this vulnerability, since most servers (except Terminal Servers) do not use IE? A: By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs...
  • Bulletin MS10-002 Released

    Hello, Today we released Security Bulletin MS10-002 out-of-band to address vulnerabilities in Internet Explorer. All customers using currently supported versions of Windows and Internet Explorer should apply this update as soon as possible. Once applied, customers are protected against the known attacks that have been widely publicized. For customers using automatic updates, this update will automatically be applied once it is released. I also wanted to clarify some information that we included in...
  • Security Advisory 979682 Released

    Today we released Security Advisory 979682 to address an Elevation of Privilege (EoP) vulnerability in the Windows kernel, affecting all currently supported versions of 32-bit Windows. 64-bit versions of Windows, including Windows Server 2008 R2, are not affected. The advisory provides customers with actionable guidance to help with protections against exploit of this vulnerability. To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system...
  • Advance Notification for Out-of-Band Bulletin Release

    Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and a small subset of corporations...
  • Security Advisory 979352 – Going out of Band

    We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability. Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6. We continue to recommend customers update to Internet Explorer 8 to benefit from the improved...
  • Advisory 979352 Update for Monday January 18

    For today’s update we want to share some insight on the current threat landscape for Security Advisory 979352, some new resources we have published and the current status on producing a security update. As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6. We have not seen successful attacks on Internet Explorer 8. We continue to recommend customers update to Internet Explorer 8 to benefit from the...
  • Further Insight into Security Advisory 979352 and the Threat Landscape

    Hi All, We wanted to provide you some insight into the vulnerability reported in Microsoft Security Advisory 979352, which is related to our ongoing investigation into the recently publicized attacks against Google and other large corporate networks. We understand that there is a lot of noise about this topic right now and we know that our customers are receiving a lot of information about this situation from a variety of sources, so we want to provide some additional insight. First, we will provide...
  • January Security Bulletin Webcast

    Hello again. To close out our January security bulletin release, we have posted the questions and answers from Wednesday’s webcast and embedded the video below. Since we only had one bulletin, the presentation was pretty short and most of the questions were concerning the Adobe Flash Player advisory we released. More listening and viewing options: Windows Media Video (WMV), Windows Media Audio (WMA), iPod Video (MP4), MP3 Audio, High Quality WMV (2.5 Mbps), Zune Video (WMV). Please join us next month for...
  • Advisory 979352 Updated

    Hello, Today we updated Security Advisory 979352 to let customers know that we are aware that exploit code for the vulnerability used in recent attacks against IE 6 users has now been made public. Information on which versions of Internet Explorer are vulnerable and what customers can do to protect themselves is included in the updated Security Advisory. Our teams are continuing to work on an update and we will take appropriate action to protect customers when the update has met the quality...