Advance Notification for the January 2010 Security Bulletin Release

It may be a new year but here in the Microsoft Security Response Center, it is business as usual. This month we have one bulletin addressing a single vulnerability in Windows. The vulnerability is critical on Windows 2000 and low for all other platforms. Customers with Windows 2000 systems will want to review and deploy this update as soon as possible but, as we will show in our release guidance next week, the Exploitability Index rating for this issue will not be high which lowers the overall risk.

I also want to proactively point out that we will not be addressing Security Advisory 977544 (Vulnerability in SMB Could Allow Denial of Service). We are still working on an update for the issue at this time. We are not aware of any active attacks using the exploit code that was made public for this vulnerability and continue to encourage customers to follow the guidance in the advisory which outlines best practices to help protect systems against attacks that originate outside of the enterprise perimeter.

As always, the bulletin release is slated for the second Tuesday of the month (Jan 12) at 10:00 a.m. PST (UTC -8). Come back to this blog at that time for our official risk & impact analysis and deployment guidance and also visit our Security Research & Defense blog for a deeper technical dive in to the bulletin being released this month.

Finally, please join Adrian Stone and I next Wednesday Jan 13 at 11:00 a.m. PST (UTC -8) when we conduct our live webcast and address customer questions about this release. Go here to register.

Thanks!

Jerry Bryant

*This posting is provided "AS IS" with no warranties, and confers no rights*