December 2010 Security Bulletin Webcast Q&A

 

 

Hosts: Jonathan Ness, Principal Security SDE Lead, MSRC; Jerry Bryant, Group Manager, Response Communications

Website: TechNet/security

Chat Topic: December 2010 Security Bulletin Release

Date: Wednesday, December 15, 2010

 

 

Q: Why are there 16 updates for my Windows 7 host machine, but only one optional definition update for Microsoft Security Essentials for my Windows 7 virtual machine? 

A: Unfortunately, we don't have a full view into the various configuration options that may be deployed on specific systems.  If you are having issues with a specific update, you can call 1-866-PCSAFETY for support.

 

Q: How do you verify that DEP is enabled?  In other words, where is the setting to enable/disable DEP?

A: The best way to ensure DEP is enabled is to download and install the Enhanced Mitigation Experience Toolkit (EMET).  You can watch a video detailing EMET at http://technet.microsoft.com/en-us/security/ff859539.aspx . For more information on whether DEP is enabled or supported, please see http://support.microsoft.com/kb/912923 .

 

Q: Does the MS10-101 patch for Windows domain controllers update the msgina.dll, and if so could it cause third-party VPN client software to crash?

A: No, MS10-101 does not update msgina.dll. The files modified by this update are listed in the KB article http://support.microsoft.com/?kbid=2207559 .

 

Q: Which version of Exchange is affected by MS10-106?

A: Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems is the only affected platform.

 

Q: Does the Office file tool validate the XML file types as well?

A: The quick information is no -- we don't validate XML versions of files.  You can find more information on Office File Validation in the Office blog: http://blogs.technet.com/b/office2010/archive/2009/12/16/office-2010-file-validation.aspx

 

Q: I understand the security reason for dropping older converters for Office documents, but how can enterprises guarantee that old documents (10+ years old) can still be viewed correctly?

A: We understand turning off some of the items can be difficult and we do provide steps on how one may revert the changes we’ve made in the case an older file needs to be used.  For MS10-105 you can view this KB article: http://support.microsoft.com/kb/2479871/

 

Q: Will MS10-077 replace all earlier versions of .Net as well, or will it only include .Net 4.0?

A: The re-release is only for .Net 4.0.  Other versions are not affected by this issue.

 

Q: For the re-release of MS10-070 and MS10-077, is the update for both performed by installing KB 2473228?

A: The update KB2473228 fixes a setup issue in the Microsoft .Net Framework 4.0 that affects MS10-070 and MS10-077. This update is offered together with the original security update for each of those bulletins, therefore installing this update once will suffice.

 

Q: Were the Office for Mac patches from last month released yet, or still pending?

A: Microsoft released security updates for MS10-087 for:

Microsoft recommends that users of Microsoft Office 2008 for Mac and Open XML File Format Converter for Mac apply these updates at the earliest opportunity to address the vulnerabilities described in this bulletin.

The update for Microsoft Office 2004 for Mac remains unavailable at this time. We will be revising the bulletin today to reflect this release.

 

Q: Will MS10-070 and MS10-077 also fix VCREDIST_32.exe upgrade/uninstall issues?

A: The Microsoft .Net Framework 4.0 update in MS10-070 is unrelated to any VCREDIST issue.

 

Q: Can you explain why there is a KB2467659 for Internet Explorer for issues related to MS10-090?

A: There are known application compatibility issues with the Internet Explorer Cumulative Security Update.

Known issues with this security update are:

· After you install this security update, you may also need to install update KB2467659. To determine if you need to install update KB2467659.

· After you install this security update, some Japan Industrial Standard (JIS) websites may not appear correctly in Internet Explorer. This issue can occur if the JIS-based website does not specify JIS encoding in the HTTP headers -- for example, the website only specifies JIS in a Meta tag.

 

Q: Is the Vulnerability in Microsoft Exchange Server that Could Allow Denial of Service (KB2407132) used for the entire server role like Mailbox server?

A: Only Exchange servers that have the Mailbox Server role are affected by this issue. A server role is a unit that logically groups the required features and components that are required to perform a specific function in your messaging environment. Exchange servers may be configured to have multiple server roles that coexist on a single computer, or server roles may be deployed on dedicated computers. This issue affects the Mailbox Server role, so only systems deployed with this role are affected. However, this update will be offered to all affected Microsoft Exchange servers, regardless of what roles are configured on the system.

 

Q: We are noticing that the version of MBSA we are using 2.2 is showing that patch number MS10-090 (2416400) for Internet Explorer 8 on XP Service Pack 3 isn't installed even after we have installed it. The patch shows up in the Add/Remove programs and the registry shows the registry key that should be used for validation.  I checked the DLL versions for the files listed and they match.  Is there a problem with MBSA cab files?

A: We are investigating this issue you have brought to our attention and will take appropriate action once our investigation completes. Please watch the Security bulletin MS10-090, bulletin knowledge base article, or the MSRC blog for updates.

 

Q: MS10-093 to MS10-097 close issues listed in Security Advisory 2269637 for DLL preloading.  Is Security Advisory 2269637 now resolved for all Microsoft supported software or should we expect future bulletins for this issue?

A: Our research into DLL-preloading issues continues. If and when we discover them in other Microsoft products, we will address them appropriately.

 

Multi-part question…

Q: Please clarify/expound that MS10-101 is *ONLY* applicable to Domain Controllers.

A: Yes, only machines configured in the Domain Controller role are affected by MS10-101.

 

Q: What systems are primarily at risk from this vulnerability?

A: Windows Servers that are configured as domain controllers and host the Netlogon service are affected by this vulnerability. Windows client operating systems are not affected by this vulnerability.

 

Q: How do I know if my Windows Server is configured as a domain controller?

A: If the registry key HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType is set to LanmanNT, then your system is configured as a domain controller.