This is the Windows Server Update Services support team blog. We cover all things relating to WSUS and Windows Update.
I was just going through all of the weekend news and saw our good friends over at the Microsoft Security Response Center announced their Q&A from the September 2010 Security Release Bulletin webcast where they answer 10 questions concerning the September bulletins, including inquiries about bulletin, MS10-061 involving the Stuxnet vulnerability. They also talk about the Enhanced Mitigation Experience Toolkit 2.0 (EMET) as well as questions regarding bulletin MS10-065 affecting IIS and its FastCGI vulnerability. If you didn't get the chance to catch the original webcast then this is the next best thing. You can get all the details here:
Also on Friday they released Security Advisory 2416728 that describes a publicly disclosed vulnerability in ASP.NET that affects all versions of the .NET Framework. At this time they're not aware of any attacks using this vulnerability and they encourage customers to review the advisory for mitigations and workarounds. Our Security Research & Defense team has written a blog post to explain how the workarounds work and has provided a script to help administrators determine if they have ASP.NET applications in vulnerable configurations. You can get all the details on this here:
J.C. Hornbeck | System Center Knowledge Engineer
The App-V Team blog: http://blogs.technet.com/appv/ The WSUS Support Team blog: http://blogs.technet.com/sus/ The SCMDM Support Team blog: http://blogs.technet.com/mdm/ The ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/ The OpsMgr Support Team blog: http://blogs.technet.com/operationsmgr/ The SCVMM Team blog: http://blogs.technet.com/scvmm/ The MED-V Team blog: http://blogs.technet.com/medv/ The DPM Team blog: http://blogs.technet.com/dpm/ The OOB Support Team blog: http://blogs.technet.com/oob/ The Opalis Team blog: http://blogs.technet.com/opalis