The official corporate security response blog

  • MSRC

    Q&A from the November 2010 Security Bulletin Webcast

    Hello,

    Today we published the November 2010 Security Bulletin Webcast Questions & Answers page. You'll notice it was a fairly brief webcast; all the questions we received concerned installation specifics, which we especially appreciate as a sign that customers are updating their systems quickly.

    We invite our customers to join us for the next public webcast on Wednesday, December 15 at 11:00 a.m. PST (UTC -8), when we will go into detail about the December bulletin release and answer questions live on the air.

    Customers can register to attend at the link below:

    Date: Wednesday, December 15, 2010
    Time: 11:00 a.m. PST (UTC -8)

    Register:
    Attendee Registration

    Thanks --

    Jerry Bryant
    Group Manager, Response Communications
    Trustworthy Computing Group

     

  • MSRC

    November 2010 Security Bulletin Release

    Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing three security bulletins, addressing 11 vulnerabilities. One of the bulletins has a Critical severity rating, while the other two are rated Important. Recapping the trio:

    • MS10-087 This bulletin resolves five issues affecting all currently supported Microsoft Office products. The bulletin is rated Critical for Office 2007 and Office 2010 due to a preview pane vector in Outlook that could trigger the vulnerability when a customer views a specially crafted malicious RTF (Rich Text Format) file. The update also addresses an Office vector for the vulnerability described in Security Advisory 2269637, which has been referred to as "DLL Preloading" and "Binary planting." MS10-087 is Microsoft's top priority bulletin for deployment in November and has an Exploitability Index rating of 1.
    • MS10-088 This bulletin resolves two cooperatively disclosed vulnerabilities in Microsoft PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. The overall severity rating is Important due to the user interaction required to open the malicious file, and we give the bulletin a rating of 2 in our deployment priority assessment.
    • MS10-089 This bulletin resolves four cooperatively disclosed vulnerabilities in Unified Access Gateway (UAG), which is a component of Microsoft Forefront. The most significant of these could allow elevation of privilege if a user clicks on a malicious link on a website. This update is offered through the Microsoft Download Center and is not available through Microsoft Update at this time. With an overall severity rating of Important and user interaction required to exploit, we also give this a deployment priority of 2.

    We are not aware of any active attacks seeking to exploit the vulnerabilities addressed in this month's release. Please see the video below for additional information on the November bulletins:

    As always, we recommend that customers deploy all security updates as soon as possible. To further assist customers in their deployment planning, here is an aggregate view of risk and impact and our deployment priority guidance (click for larger view):

    Our Security Research & Defense (SRD) team takes a closer look at some of the issues raised by this month's round of bulletins today on its blog.

    More information about the security updates can be found on the Microsoft Security Bulletin summary web page. Our Exploitability Index provides additional information to help customers prioritize deployment of the monthly security bulletins.

    Please join the monthly technical webcast to learn more about the November 2010 security bulletin release. The webcast is scheduled for Wednesday, November 10, 2010 at 11:00 a.m. PST (UTC -8). Registration is available here.

    Remember, you can follow the MSRC team for late-breaking news and updates on the threat landscape on Twitter at @MSFTSecResponse.

    Thanks,

    Jerry Bryant
    Group Manager, Response Communications

  • MSRC

    Advance Notification Service for November 2010 Bulletins

    Hello. We’ve issued our Advance Notification Service for the November ’10 security bulletin release. This time around we’re releasing three updates addressing 11 vulnerabilities in Microsoft Office and Unified Access Gateway (UAG). One bulletin carries a Critical severity rating; the other two are rated Important.

    When customers buy Microsoft software, it includes high-quality security updates to be provided via predictable monthly bulletin releases, helping to protect their computing experience over time. As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible.

    Next week, please join Dustin Childs and Jerry Bryant for a public webcast on Wednesday (November 10). They’ll go into detail about the release and answer your bulletin-related questions live on the air. Register at the link below:

    Date: Wednesday, November 10
    Time: 11:00 a.m. PST (UTC -8)
    Registration: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032454441

    Thanks,

    Angela Gunn
    PR Manager, Response Communications

  • MSRC

    Microsoft Releases Security Advisory 2458511

    Hi everyone,

    Today we released Security Advisory 2458511 to address a new vulnerability that could impact Internet Explorer users if they visit a website hosting malicious code. As of now, the impact of this vulnerability is extremely limited and we are not aware of any affected customers. The exploit code was discovered on a single website which is no longer hosting the malicious code. When a website is discovered to host malicious software, we work through legal channels to take the site down. These kinds of attempts to exploit systems and the people using technology are the activity of criminals. Microsoft takes this very seriously and where possible, we will take legal action against those responsible.

    Internet Explorer 9 Beta users are not affected by this issue and any customers who wish to upgrade their browser to this version can do so freely at www.microsoft.com/ie. Impacted versions include Internet Explorer 6, 7 and 8, although our ongoing investigation confirms that default installations of Internet Explorer 8 are unlikely to be exploited by this issue. This is due to the defense-in-depth protection offered by Data Execution Prevention (DEP), which is enabled by default in Internet Explorer 8 on all supported Windows platforms. For supported versions of Windows running earlier versions of Internet Explorer, please review this blog post from our Security Research & Defense team describing how to enable DEP.

    The Security Advisory also details a workaround that customers can apply that will protect all affected versions of IE from this issue. We are working to have a Microsoft Fix it in place for easy implementation of the workaround. Our Security Research & Defense team has also provided a detailed write-up on how the workaround protects against the vulnerability.

    We have initiated our Software Security Incident Response Process (SSIRP) to manage this issue and are sharing detailed information through the Microsoft Active Protections Program (MAPP). Our 70 global MAPP partners, including leading providers of anti-virus and anti-malware products, provide protections for an estimated one billion customers worldwide. If your protection provider is in our MAPP program, you can contact them concerning the status of providing protections for this issue as it is likely that updated malware signatures in these products will offer further protection. For customers of Microsoft Security Essentials and our Forefront security products, new signatures will be published today offering additional protection. Internet Explorer 8 also includes SmartScreen technology which helps provide protection against many types of socially engineered malware and phishing attacks, and which earlier this year reached the milestone of blocking over 1 billion attempts to download malware. In certain circumstances, SmartScreen may also help to protect customers in this case.

    We are working to develop a security update to address this attack against our customers. The issue does not meet the criteria for an out-of-band release. However, we are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog.

    As always, we encourage Internet users to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at: www.microsoft.com/protect.

    Thank you,

    Jerry Bryant
    Group Manager, Response Communications
    Trustworthy Computing Group

    Edited to add: The Fix it is available now from the Knowledge Base article for this Advisory.