January 2011 Security Bulletin Webcast Q&A
Hosts: Jonathan Ness, Principal Security SDE Lead, MSRC
Jerry Bryant, Group Manager, Response Communications
Chat Topic: January 2011 Security Bulletin Release
Date: Wednesday, January 12, 2011
Q: What SMB ports are safe to block outbound?
A: Blocking SMB requires preventing TCP ports 139 & 445 from traversing the firewall. However, there are impacts of doing this if you use SMB-based services across your perimeter. The primary impacts are CIFS, RPC over SMB, and File/print services. A full list is found in the bulletin. You should decide based on your own environment which are 'safe' to block.
Q: Late last month Windows XP with Internet Explorer 6 and MS10-090 installed were prompted to install MS10-071. Was this an incorrect detection / supersedence issue, and was it corrected?
A: The supersedence issue for MS10-090 has been fixed.
Q: The January 2011 Bulletin Summary contains a link to 'Updates from Past Months for Windows Server Update Services' which remains out of date, September 2010.
A: The team responsible for updating these links is switching to an automated process. This will be resolved shortly.
Q: Why am I not receiving SMS alerts from the MSRT via the Live Alert Service, did the MSRC stop publishing these?
A: This service was terminated in September and is no longer offered on the TechNet Security Notifications page. There are some alternatives available, please see:
Q: Is there any news on the fake MSE virus, as well as the phony HDD/Defrag virus?
A: We recently blogged on both of these and you can find more details on each of these viruses at http://blogs.technet.com/mmpc. Microsoft also detects both of them through the MSRT.