July 2010

Monthly Security Bulletin Webcast Q&A - July 2010

   

Hosts:                          Adrian Stone, Senior Security Program Manager Lead

                                    Jerry Bryant, Group Manager, Response Communications

Website:                     TechNet/security

Chat Topic:                 July 2010 Security Bulletin Release

Date:                           Tuesday, July 13, 2010

 

 

Q: I was a little confused that the Malicious Software Removal Tool (MSRT) did not support Windows 2000, I assumed yesterday end of day was end of life (EOL) for Windows 2000.

A: The Malicious Software Removal Tool (MSRT) should support Windows 2000 this month. Beginning next month; it can be downloaded and run from the Download Center as an unsupported configuration. We announced End of Life for MSRT/Win2K offering a year ago, and will no longer offer MSRT to Windows 2000 customers via Windows Update and Windows Server Update Services starting from July 13, 2010.  Again, customers can still download MSRT from Microsoft.com and run on Windows 2000, although as “unsupported”.  Additional information can be found on the Microsoft Support website.


Q: MS10-024 was originally released in April 2010 with many problems due to Simple Mail Transfer Protocol (SMTP) port configuration issues. Will the MS10-024 re-release to fix the original issues with this patch that may have occurred with the Simple Mail Transfer Protocol (SMTP)??
A: Yes. The
MS10-024 re-release will correct the original known issue. The reoffer only affects the packages associated with KB 976323. Customers who have already successfully updated their systems do not need to reinstall this update.


Q: Regarding MS10-042, do we have to remove the ‘FixIt’ first ?  Is it necessary to apply MS10-042 although the FixIt was applied during the June Security Bulletin Release ?
A: The update will install regardless of whether the ‘
FixIt’ is installed or not.  However, if the ‘FixIt’ is still enabled, the registry key for the Windows "Help Center Protocol" will remain unregistered.

Q: I have a problem regarding a bulletin which was released during the June Security Release update.   Some of our systems cannot be updated with MS10-041 because it states the product doesn’t exist even though it does.  For example, Server 2003 has .NET Framework 2.0 SP2 installed, manually installing KB979909, the resulting prompt is: None of the products that are addressed by this software update are installed on this computer. Click Cancel to exit setup.
A: Thanks for bringing this to our attention. This is not a known issue. We recommend you contact
customer services either directly, or through your technical account manager; they will be happy to assist you with this issue free of charge.

Q: What is the back-out for MS10-044 if it cannot be uninstalled?
A: Uninstall is not supported on
Access 2003 Packages.  However, uninstall is supported on Access 2007 Packages.

Q:
Microsoft Security Advisory 2219475 , the mitigation for the Help and Support Center vulnerability, was made available last week. Will the MS10-042 update undo this workaround?
A: The update does not undo the workaround, but will install whether the mitigation is deployed or not.  If you enable the mitigation, you will need to install the update and disable (undo) the workaround to restore full functionality.

Q: Once a client shows that it needs an update in the Windows Server Update Services (WSUS) server, is it possible to have the server remove the indication that the update is required on the client and to indicate the client is 100 percent up-to-date?  We are asking because we usually only apply the security updates, critical updates, and the Windows Malicious Software Removal Tool to our clients and we don't want the server to indicate that the clients need the additional updates in the server.

A:  In Windows Server Update Services (WSUS) there is no approval action that can be assigned to an update for a specific target group that would prevent ‘at least’ the default Scan approval from flowing down to the client. Not even a Block approval will do it, the default result is that the Scan approval always flows down to ‘all’ clients and therefore the client will report that it needs the update.  The only way to make a client report that it does NOT need an update is to decline the update on the WSUS server which is a global operation.  Decline makes the update disappear completely from all clients, not just ones in a given target group.


Q: is it true that the
Malicious Software Removal Tool(MSRT) is intended for the Vundo virus only? Can Microsoft Security Essentials detect this type of virus?
A: The
MSRT can detect and remove many types of malware, not just the Vundo family of viruses.  Microsoft Security Essentials will also detect a wide variety of malware.

Q: I have two machines left on
Microsoft XP SP2 that should be upgraded this week. Will the July Security Release update bulletins still apply for those two machines?
A:
Windows XP SP2 is supported in July 2010, and so any applicable update will still be needed.  MS10-042 is the only update from the July release that applies to this platform.

Q:
Windows Update shows that there was a critical update to .NET Framework released after the June 2010 Security Release update.  Can you please discuss the mid-month release of the .NET Framework updates?  Were they security-related?  If so, why were they released mid-month and not discussed during this presentation?
A: On June 21, several non-security updates for .NET Framework were released. These were classified as critical updates, but not as stability updates. Also, if you are not using
Windows Server Update Services (WSUS), you can use the Windows Update Catalog to browse the complete list of updates released on Microsoft Update. This will tell you about the update classification for a given update -- only updates classified as "security updates" are security updates, and there may be other updates such as feature packs or critical stability updates present as well

See KB article 982525 for further information regarding the non-security update mentioned here.

 

Q: Is the runtime version of Access included as an affected product in the MS10-044 product list?  Disregarding whether or not it is based on the attack vectors; I would think this highly unlikely.
A: If the affected ActiveX controls exist on your system you are vulnerable to the bug that has been addressed by
MS10-044.  Therefore, if you have the runtime version of Access you will need to install this update to be protected from this vulnerability.  Even though the vulnerability is introduced by Access, a malicious user could leverage Internet Explorer to instantiate the ActiveX control to potentially cause remote code execution.