Hosts: Jonathan Ness, Principal Security SDE Lead, MSRC
Jerry Bryant, Group Manager, Response Communications
Website: TechNet/security
Chat Topic: February 2011 Security Bulletin ReleaseDate: Wednesday, February 9, 2011
Q: I am reading about install issues on Windows XP SP3 for MS11-003. Errors include invalid hash and error code 0x80246002. Any comments?
A: We are not tracking anything specific to this error code with MS11-003 at this time; however, this error is occasionally seen with Windows Update, and usually results from an issue on the client with the updating mechanism. See: KB 958056 - "You receive a '0x80246002' error code when you use the Windows Update or Microsoft Update Web sites to install updates."
Q: We disable Autorun on all drives using Group Policy. Will this update for Security Advisory 967940 override the Group Policy settings all drives and enable Autorun on CDs and DVDs?
A: The update sets the registry key values to only allow CDs and DVDs to continue to function. If you have a Group Policy Offering that has already updated these registry key settings to disable Autorun completely, then this update will update those registry key settings and enable support for CDs and DVDs. If your security policy is to disable Autorun completely and it is already in place, than you do not need to deploy this update as your security profile is already more locked down than what the update offers.
Q: One of our concerns here is that our servers need to be running 24 hours a day, 7 days a week. Why do the Windows updates that come out constantly require reboots, which prevents us from deploying and keeping the server running non-stop?
A: Because we cannot update components while they are running, the only method to ensure certain components are fully patched is through a reboot. The bulletins always contain information concerning the reboots and additional steps that can be taken to prevent a reboot from occurring.
Q: For MS11-005, should the update be applied to the domain controllers or the workstations or both?
A: MS11-005 affects Windows Server 2003 running as a Domain Controller. Workstations are not affected.
Q: I have five updates that were downloaded by System Center Configuration Manager (SCCM) that show invalid certificates. How can that be addressed/fixed ?
A: We recommend opening a support case with Customer Technical Support as soon as possible, so that the full scope can be verified, isolated, and escalated. It's important to remember that you will not be charged for support relating to security bulletins. Please visit the Microsoft Help and Support site at: http://support.microsoft.com , or your Regional Customer Service Representative (http://support.microsoft.com/common/international.aspx ) for assistance with this issue.
Q: MS11-008 affects Microsoft Visio. Is the Visio Viewer also affected?
A: No, Visio Viewer is not affected.
Q: I subscribe to the automatic notifications for Microsoft Security Bulletin Summaries but was not notified about Microsoft Security Advisory 2501696. Why not? How can I ensure that I am notified going forward so I can apply the necessary workarounds until a bulletin is available?
A: Thank you for pointing this out. The Autorun advisory should have been included in the notifications for Microsoft bulletin summaries in the non-security update section. We will update the bulletin summary site to reflect this.
Q: Please explain how to determine if Server Message Block (SMB) Server service is running or not on Windows XP, Vista, and Windows 7.
A: You can always verify the services running on your system by looking at the Services tab from within the Control Panel. The SMB Server service is listed simply as "Server."
Q: Microsoft Security Essentials (MSE) was recently upgraded. Is that set to push through WSUS? Which update number is that?
A: Microsoft Security Essentials is not updated through security bulletins. Updates to this product are handled separately.
Q: Last month the Attack Surface Analyzer was released. Could you talk more about how that is used? Does that read the current state of the PC's security issues as well?
A: The Attack Surface Analyzer does not show the state of all security issues on the PC. Instead, the tool takes snapshots of an organization's system and compares these to identify changes. The tool also gives an overview of the changes to the system we consider important to the security of the platform and highlights these in the attack surface report.
Q: Is MS11-004 only applicable if FTP is both installed AND enabled?
A: That's correct.
Q: I was told that there is a means whereby whenever you have security notices, I can receive an email. What would that be?
A: You can sign up for technical security notifications at http://technet.microsoft.com/en-us/security/dd252948.aspx .