February, 2010

  • Security Advisory 980088 Released

    Hi everyone, Today we released Security Advisory 980088 to address a publicly disclosed vulnerability in Internet Explorer that may allow Information Disclosure for customers running on Windows XP or who have disabled Internet Explorer Protected Mode.  At this time we are not aware of any attacks seeking to use the vulnerability. Customers running Internet Explorer 7 or Internet Explorer 8 in their default configuration on Windows Vista or later operating systems are not vulnerable to this issue...
  • February 2010 Bulletin Release Advance Notification

    Today we released February bulletin information through our Advance Notification Service (ANS) . This month, we will be releasing 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities. Eleven of the bulletins affect Windows and the remaining two affect Office. More information about the upcoming security updates can be found on the Advance Notification Service (ANS) webpage . As we started to do in December, we want to give customers...
  • February 2010 Security Bulletin Release

    MSRC Bulletin Release Blog Post Hi everyone, As mentioned in our ANS blog post last week, today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office. In the post on Thursday, we mentioned that bulletins in the ANS listed as 1, 2, 3, and 6 were going to top our deployment priority list this month. We have also added MS10-015 (#12) to that list. It addresses Security Advisory 979682 . We are aware of publicly available...
  • Restart issues after installing MS10-015

    Hi everyone, I am writing to let you know that we are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software. Our teams are working to resolve this as quickly as possible. We...
  • Monthly Security Bulletin Webcast Q&A - February 2010

    Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: February 2010 Security Bulletin Release Date: Wednesday, February 10, 2010 Q: MS10-003 supersedes MS09-062 which was released for Windows in addition to Office. Does MS10-003 supersede only the Office XP components of MS09-062 or does it supersede all of MS09-062 ? A: MS10-003 only replaces the Office XP components of MS09-062...
  • February 2010 Security Bulletin Webcast

    Hi everyone, As we do every month following our public webcast, we have posted the questions and answers ( which you can find here ) and the recorded webcast below. This month there were no particular themes that emerged in the questions. They ranged from wanting clarification of what it means when we say something is “public” to questions like “Will applying Enable_SSL_Renegotiate_Workaround.js cause IIS 7 to break SSL VPN connections?” You can find the answers to these and many other questions...
  • Update - Restart Issues After Installing MS10-015

    In our continuing investigation in to the restart issues related to MS10-015 that a limited number of customers are experiencing, we have determined that malware on the system can cause the behavior. We are not yet ruling out other potential causes at this time and are still investigating. Please review our blog post from yesterday for additional information . One of the key components when investigating issues like this are obtaining memory dumps from computers experiencing the problem. In order...
  • Update - Restart Issues After Installing MS10-015 and the Alureon Rootkit

    Hi, We wanted to provide you with an update on our ongoing investigation into the “blue screen” issues affecting a limited number of customers who installed MS10-015 . We have been working around the clock with our customers, partners and several teams at Microsoft to determine the cause of these issues. Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit . We were able to reach this conclusion after the comprehensive...
  • Investigating a new win32hlp and Internet Explorer issue

    Hi everyone, On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows...