August 2011 Security Bulletin Webcast Q&A
Hosts: Jonathan Ness, Security Development Manager
Jerry Bryant, Group Manager, Response Communications
Chat Topic: August 2011 Security Bulletin ReleaseDate: Wednesday, August 10, 2011
Q: Is MS11-061 *ONLY* applicable if you have Remote Desktop Web Access enabled?
A: Yes, Windows Server 2008 R2and Windows Server 2008 R2 Service Pack 1 are only affected if the RemoteDesktop Web Access role is enabled on the server.
Q: For what types of Excel files will KB2560656 – MS11-059 -- cause extra prompts for users?A: Potentially, any type of Excel file can be used. This vulnerability is most common to .xlsx files.
Q: Are there known issues for MS11-069? I followed the link from the MS11-069article to the KB2567951, and then looked at all the KBs listed under "Known Issues and additional Information" and didn't see anything listed as a known issue. Just want tomake sure I am not overlooking something.
A: There are no new known issues for the updates listed in MS11-069. In some cases some of the updates listed in MS11-069 may have low impact, non-actionable issues. These would have been previously documented in individual KB articles as an FYI. We will not be linking to FYI-type KB articles for non-actionable low impact issues, we ask instead that if you encounter a specific issue while installing an updateyou look up the symptom for the problem or the error message you encounter if you see one to find any associated KB article.
Q: Why does MS11-059 have a low priority deployment when is a Remote Code Execution (RCE) and an Exploitability Rating (XI) of 1?A: For this case, the Exploitability Index is1, but there is a lot of user interaction involved in making this a functioningexploit. This lowers the deployment rating.
Q: Is Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package applicableto Windows 7 and Windows Server 2008 R2?A: No. The Report Viewer 2005 SP1 package is not supported on Windows 7 or Windows Server 2008 R2.
Q: I saw last week on a PC that the Malicious Software Removal Tool (MSRT) had run on its own, saying it removed something. Does the MSRT do that or is it “scareware” trying to looklike MSRT?
A: Without more context it is hard to know whether it is MSRT or a rogue behavior. MSRTruns in the background by WU/AU. However when a machine is rebooted, MSRT maynotify the user about the disinfection. Some disinfection requires user’s interaction after reboot.
Q: Is there a blocker tool for .Net Framework 4.0 that can be deployed like IE 8/9 blocker tool (defense in depth)?
A: Users can temporarily block the installation of the .NET Framework 4 Client Profile fromWU and WSUS by following the instructions documented in this KB article: http://support.microsoft.com/kb/982320