This is the Windows Server Update Services support team blog. We cover all things relating to WSUS and Windows Update.
There's been a lot of news around Security Advisory 979352 so I thought I'd take a minute and give a summary of the major links from the MSRC that have come across my desk since it was released last Thursday. You all have probably already seen all of these but just in case you haven't, here's where we are:
Thursday, 1/14/2010 : Security Advisory 979352 Released
Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks. Today, Microsoft issued guidance to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer. Additionally, we are cooperating with Google and other companies, as well as authorities and other industry partners….
Friday, 1/15/2010 : Advisory 979352 Updated
Today we updated Security Advisory 979352 to let customers know that we are aware that exploit code for the vulnerability used in recent attacks against IE 6 users, has now been made public. Information on which versions of Internet Explorer are vulnerable and what customers can do to protect themselves is included in the updated Security Advisory….
Sunday, 1/17/2010 : Further Insight into Security Advisory 979352 and the Threat Landscape
We wanted to provide you some insight into the vulnerability reported in Microsoft Security Advisory 979352, which is related to our ongoing investigation into the recently publicized attacks against Google and other large corporate networks. We understand that there is a lot of noise about this topic right now and we know that our customers are receiving a lot of information about this situation from a variety of sources, so we want to provide some additional insight….
Monday, 1/18/2010 : Advisory 979352 Update for Monday January 18
For today’s update we want to share some insight on the current threat landscape for Security Advisory 979352, some new resources we have published and the current status on producing a security update. As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6….
Tuesday, 1/18/2010 : Security Advisory 979352 – Going out of Band
We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability.
Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6. We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers. We also recommend customers consider deploying the workarounds and mitigations provided in Security Advisory 979352….
J.C. Hornbeck | System Center Knowledge Engineer
I think it's time for Microsoft to cease supporting a web browser based on the operating system. IE5 is still being supported for the next few months while Windows 2000 is on it's death bed. This is way too long. IE6 will be around for around 14 years since Win XP doesn't die until 2014 and on Server 2003 until 2015! This is way too long. By 2014, we could be at IE10. Which means Microsoft could be supporting 5 browser for Windows XP.
My suggestion is to give IE a maximum of 5 years of life.