November 2011 Security Bulletin Webcast Q&A

Hosts: Dustin Childs, Senior Security Program Manager; Jerry Bryant, Group Manager, Response Communications

Website: TechNet/security

Chat Topic: November 2011 Security Bulletin Release
Date: Wednesday, November 9, 2011

Q: Do re-released updates need approval in Windows Server Update Services (WSUS) or do the existing approvals for the prior release automatically apply? 

A: If you have selected to automatically approve revisions on your WSUS server, then future changes to previously approved updates will flow automatically to client PCs. If you have not selected to automatically approve revisions, then you will need to re-approve the update changes each time a change is made. 

 

Q: For the MS11-037 re-release, are customers that installed the original update protected or are the systems unprotected until they install the new version? 

A: Even though you installed the old version of the security update, you need to install the re-released version of the update for all applicable editions of Windows XP and Windows Server 2003. 

 

Q: On MS11-083, would the Windows Firewall in default configuration be an effective mitigation? I am asking specifically about a software firewall on the PC.

A: No, the Windows Firewall will not provide cumulative protection as a workaround to this issue. Microsoft recommends that users block unused User Datagram Protocol (UDP) ports at the perimeter firewall as a workaround to this CVE.

 

Q: For MS11-083, does exploitability increase if we expose any User Datagram Protocol (UDP) via the perimeter firewall?

A: If you do allow UDP traffic through the perimeter firewall, you will increase the chance of being exploited by this issue. 

 

Q: Will disabling Windows Mail & Meeting Space in Group Policy entirely prevent the vulnerability addressed by MS11-085 from being exploited?

A: While disabling Mail and Meeting Space will remove the only known attack vector, the vulnerable code remains on the system. We still recommend applying the update to ensure you are fully protected.