January 2011

January 2011 Security Bulletin Webcast Q&A

Hosts: Jonathan Ness, Principal Security SDE Lead, MSRC

Jerry Bryant, Group Manager, Response Communications

Website: TechNet/security

Chat Topic: January 2011 Security Bulletin Release

Date: Wednesday, January 12, 2011

Q: What SMB ports are safe to block outbound?

A: Blocking SMB requires preventing TCP ports 139 & 445 from traversing the firewall.  However, there are impacts of doing this if you use SMB-based services across your perimeter.  The primary impacts are CIFS, RPC over SMB, and File/print services.  A full list is found in the bulletin.  You should decide based on your own environment which are 'safe' to block.

Q: Late last month Windows XP systems with Internet Explorer 6 and MS10-090 installed were prompted to install MS10-071. Was this an incorrect detection / supersedence issue, and was it corrected?

A: The supersedence issue for MS10-090 has been fixed.

Q: The January 2011 Bulletin Summary contains a link to 'Updates from Past Months for Windows Server Update Services' which remains out of date, September 2010.

A: The team responsible for updating these links is switching to an automated process. This will be resolved shortly.

Q: Why am I not receiving SMS alerts from the MSRT via the Live Alert Service? Did the MSRC stop publishing these?

A: This service was terminated in September and is no longer offered on the TechNet Security Notifications page. There are some alternatives available; please see:

http://technet.microsoft.com/en-us/security/dd252948

Q: Is there any news on the fake MSE virus, as well as the phony HDD/Defrag virus?

A: We recently blogged on both of these and you can find more details on each of these viruses at http://blogs.technet.com/mmpc. Microsoft also detects both of them through the MSRT.