The official corporate security response blog
@MSFTSecResponse
Hello,
Today we published the June Security Bulletin Webcast Questions & Answers page. We fielded fifteen questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool. There were two questions during the webcast that we were unable to answer, and we have included those questions and answers on the Q&A page.
We invite our customers to join us for the next public webcast on Wednesday, July 13, at 11 a.m. PDT (UTC-7), when we will go into detail about the July bulletin release and answer questions live on the air.
Customers can register to attend at the link below:
Date: Wednesday, June 15, 2011
Time: 11:00 a.m. PDT (UTC-7)
Register: Attendee Registration
Thanks -
Jerry Bryant
Group Manager, Response Communications
Trustworthy Computing Group
Hello there. First off, I’d like to share some news regarding the updates we made to the Autorun feature in Security Advisory 967940, which we released in February 2011. The advisory changed how Autorun handles “non-shiny” media (e.g., USB thumb drives). The change was expected to make a significant difference to infection rates for malware that uses Autorun to propagate, and we’ve been monitoring those rates ever since.
The initial results are encouraging. As of May 2011, the number of infections found by the Malicious Software Removal Tool (MSRT) per scanned computer declined by 59 percent on Windows XP machines and by 74 percent on Windows Vista machines in comparison to the 2010 infection rates on those platforms. (Windows 7 had the updated Autorun settings built in by default.) For more details and statistics regarding the drop in Autorun-abusing malware infections, please see the Microsoft Malware Protection Center (MMPC) blog.
As we previously mentioned in the Advance Notification blog on Thursday, today we are releasing 16 security bulletins, nine of which are rated Critical, and seven of which are rated Important. There are four Critical-level updates that we want to call out as top priorities for our customers in June:
We recommend that customers apply these and all other updates as soon as possible.
In this video, Jerry Bryant discusses this month's bulletins in further detail, focusing on these four bulletins:
As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning:
The Security Research & Defense team has further information on deployment priorities for today’s bulletins on their blog.
Meanwhile, our risk and impact graph shows an aggregate view of this month's severity and Exploitability Index ratings:
Since we started specifying separate Exploitability Index ratings for the current and the earlier versions of the products affected by each vulnerability, it has been easier to see how individual vulnerabilities affect newer products versus older ones. We assign Exploitability Index ratings only to Critical- and Important-severity vulnerabilities, and there are 32 of those this month (the others are Moderate-severity issues in MS11-050). Of those 32, 14 vulnerabilities either have a lower Exploitability Index rating on the latest version of the software than on the older version, or do not affect the latest version at all. The remaining CVEs have the same Exploitability Index rating across versions.
More information about this month's security updates can be found on the Microsoft Security Bulletin Summary web page. Also this month, Microsoft is increasing MSRT detection capabilities for three worm families -- Win32/Rorpian, Win32/Yimfoca and Win32/Nugel. Please see today’s MMPC blog for more information.
Per our usual process, we’ll offer the monthly technical webcast on Wednesday, June 15, hosted by Jerry Bryant and Jonathan Ness. We invite you to tune in and learn more about the June security bulletins, as well as other announcements made today. The webcast is scheduled at 11 a.m. PDT, and the registration can be found here.
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse. Also feel free to tweet the hash tag #MSFTSecWebcast and ask any questions you may have regarding the bulletins before Wednesday at 11am PDT. We’ll answer as many questions as possible live during the webcast.
Thanks,
Angela Gunn
Trustworthy Computing
Before we get into this month’s release, we wanted to alert you to updates to a document that’s been central to much of how Microsoft thinks about security. Ten years ago, Microsoft penned the “Ten Immutable Laws of Security,” which debuted on TechNet. It was written before the rise of – among other technologies and trends – cloud computing, social networking, widespread smartphone adoption, and Windows XP, to name but a few landmarks along the way. Did a decade of change mutate the Immutables? How can understanding the Laws lead to smarter security for everyone from corporations to home users? We invite you to read “Ten Immutable Laws of Security 2.0” and see for yourself.
As for this month’s bulletins, today we’re providing Advance Notification Service information on 16 bulletins (nine Critical in severity, seven Important) addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight and ISA. All bulletins will be released on Tuesday, June 14, at approximately 10am PDT. Come back to this blog on Tuesday for our official risk and impact analysis, along with deployment guidance and a video overview of the release.
One of the issues we start to address in this release is “cookiejacking,” which allows an attacker to steal cookies from a user’s computer and access websites the user has logged into. The Internet Explorer bulletin will address one of the known vectors to the cookie folder. Given the prevalence of other types of social engineering methods in use by criminals, which provide access to much more than cookies, we believe this issue poses lower risk to customers. Further, based on a signature that has been released to millions of Microsoft Security Essentials and Forefront customers, the Microsoft Malware Protection Center (MMPC) has not detected attempts to use this technique.
We’re also preparing for our monthly technical webcast, which is scheduled for 11am PDT on Wednesday, 15 June. Your hosts this month will be Jerry Bryant and Jonathan Ness, and they’ll be discussing each of the bulletins and taking your questions live on the air. Register in advance for the webcast here.
As always, we encourage you to follow our Twitter feed at @msftsecresponse for the latest news from the Microsoft Security Response Center.
Thanks –