
Hello, Bill here.

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, September 9, 2008 around 10 a.m. Pacific Standard Time.

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

 

·        Four Microsoft Security Bulletins rated as Critical. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

 

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

 

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

 

As always, we’ll be holding the September edition of the monthly security bulletin webcast on Wednesday, September 10, 2008 at 11 a.m., Pacific Standard Time.  We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well at the same URL. In addition, we’ll also be posting the text of the questions and answers from each month’s webcast. You can see a full listing of the posted questions and answers on this page.

 

You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374633&Culture=en-US

 

 

Thanks,

 

Bill Sisk

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hi,

 

During this month’s webcast we were able to address 15 questions in the time allotted. There were several questions regarding ActiveX for the Cumulative IE Update (MS08-045), the Access Snapshot Viewer (MS08-041), Outlook Express Messenger (MS08-050) and the ActiveX Kill bits Security Advisory. We also fielded several questions around various deployment tools used for updating and we addressed some questions about the IPSec Update (MS08-047).

 

Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:

http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-august-2008.aspx

 

Also, here is the link to the Q&A index page in case you want to view previous months:

http://blogs.technet.com/msrc/pages/microsoft-security-bulletin-webcast-q-a-index-page.aspx

 

As always, customers experiencing issues installing any of the updates this month should contact our Customer Service and Support group:

 

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

 

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

 

Thanks!

 

Al Brown

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

 

Hello again! This is Tami Gallupe (MSRC Release Manager) and I want to let you know that we just posted our August 2008 Bulletins.  This month we released 11 bulletins, one new advisory and revised an existing advisory. We also revised four bulletins to update detection changes. Here is a brief overview of the bulletins and other content we released today.

 

You may notice that we removed one of the bulletins that we had mentioned in the “Advanced Notification Service” that we released last week. We did this prior to today’s bulletin release because of a last minute quality issue. Microsoft has heard from customers that the quality of updates is very important and, as part of the process at the Microsoft Security Response Center (MSRC), Microsoft tests these updates continuously until they are ready for distribution to customers through our regularly scheduled security bulletin release.

 

Bulletins:

·        MS08-041 – Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617) – Critical

·        MS08-042 – Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048) – Important

·        MS08-043 – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) – Critical

·        MS08-044 – Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) – Critical

·        MS08-045 – Cumulative Security Update for Internet Explorer (953838) – Critical

·        MS08-046 – Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954) – Critical

·        MS08-047 – Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) – Important

·        MS08-048 – Security Update for Outlook Express and Windows Mail (951066) – Important

·        MS08-049 – Vulnerabilities in Event System Could Allow Remote Code Execution (950974) – Important

·        MS08-050 – Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) – Important

·        MS08-051 – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) – Critical

 

We also revised the following bulletins to update detection changes:

·        MS08-022 – major revision, added XP SP3 detection

·        MS08-033 – major revision, added XP SP3 detection

·        MS07-047 – major revision, update detection

·        MS08-040 – minor revision, update detection

 

Advisories:

·        Release Advisory 955179

·        Revised Advisory 954960

 

You can also read about this month’s Security Vulnerability Research & Defense blog at http://blogs.technet.com/swi/.

 

And finally, I also want to highlight my favorite event of the release: the webcast that starts tomorrow (Wednesday, August 13th) at 11:00 AM PST.  To me this is a wonderful event that gives us a chance to hear from you, to take your questions and answer them live, on the air. Click here to register for TechNet Webcast: Information About Microsoft August Security Bulletins.   We look forward to hearing from you tomorrow.

 

Cheers!

  Tami

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hello,

This is Christopher Budd. 

While some of us are down at Black Hat this week, meeting with customers and researchers and announcing exciting new programs, today is also the Thursday before the second Tuesday in August. That means we’ve just posted this month’s Advance Notification for next week’s bulletin release, which will occur on Tuesday, August 12, 2008 around 10 a.m. Pacific Standard Time.

I did want to remind you that this information is intended to help with your planning for testing and deployment for next week’s release. It is preliminary information and it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

 

·       Seven Microsoft Security Bulletins with maximum severity of Critical, and five with maximum severity of Important. These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer.

 

As we do each month, we’ll be releasing an updated version of the Microsoft Windows Malicious Software Removal Tool.

 

And finally, we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). You can get additional information in the “Other Information” section of the Advanced Notification.

 

Also, please do register for next week’s TechNet Monthly Security Bulletin webcast. This month’s will be on Wednesday August 13, 2008 at 11 AM Pacific time. We’ll be reviewing the bulletins during the call and then taking your questions live on the air and providing answers to them from our panel of subject matter experts.

 

You can register for the webcast here:

 

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032374631&EventCategory=4&culture=en-US&CountryCode=US

 

Remember that if you can’t join us for the live webcast, you can view it on-demand at the same URL. And, if you didn’t see it, Jerry Bryant announced last week that we’ll also be posting the text of the questions and answers from each month’s webcast. You can see a full listing of the posted questions and answers on this page.

 

Thanks,

 

Christopher Budd

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hey Andrew Cushman here…

 

It’s August in Vegas and you know what that means—Black Hat.  Microsoft has quite a contingent here through its MSRC Operations  and Ecosystem Strategy teams.  We are here because Black Hat is one of the premier events in the security industry, it provides a wealth of information and insight into the pulse of the security landscape, and is a fantastic opportunity for face-to-face communication with the researchers, vendors, ISVs, CERTs and companies we work with throughout the year.

 

Additionally, there’s something more going on this year.   The online threat landscape continues to evolve, attacks are more sophisticated than ever, the issues are more complex, and the security industry is challenged to keep pace with innovative solutions.  It’s becoming ever more apparent – no company can tackle this issue of security alone.  Collaboration across borders, and across segments, is imperative to help improve the broader security ecosystem. 

For years we’ve seen this on a more micro level through gatherings like Black Hat, but now the need exists to shift this approach to a more macro level.  Consider the efforts behind the multi-vendor release around the current DNS issue and the recent formation of the Industry Consortium for Advancement of Internet Security (ICASI) as validation for such a community-based shift.

 

Looking back over our history with Black Hat, our involvement has evolved from listening to and learning from researchers, to engaging with them, and finally to today where we’re excited to share our lessons learned and guidance to help mobilize the greater community in an effort to protect our mutual customers.

 

I’m excited to introduce you to several announcements Microsoft is making here at the show in areas like collaboration and information sharing that will truly help fuel this Community-Based Defense approach.  Be sure to visit our new Ecosystem Strategy blog throughout the week for more details and news.

 

Stay tuned, there’s lots more to come.

Andrew

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hey everyone,

This is Jerry Bryant. I am the Business, Operations & Communications Manager on the Security Response Communications team. I am writing to let you know about a new process we are implementing regarding the questions and answers from our monthly security bulletin webcast.

Attendees of the webcast ask a lot of great questions concerning the security updates we just released and we have many subject matter experts (SMEs) on hand to answer them. In order for the broader community to also benefit from the exchange, we will now be posting the questions and answers here on the MSRC blog. Our goal is to get them here within two days of the webcast.

To kick things off, we have posted the questions and answers from the June 2008 and July 2008 webcasts:

http://blogs.technet.com/msrc/pages/microsoft-security-bulletin-webcast-q-a-june-2008.aspx
http://blogs.technet.com/msrc/pages/microsoft-security-bulletin-webcast-q-a-july-2008.aspx

We will also maintain an index of the monthly postings here:

http://blogs.technet.com/msrc/pages/microsoft-security-bulletin-webcast-q-a-index-page.aspx

So look for a post with the August 2008 Q&A on or around August 15th!

If you would like to attend the August webcast in person, you can register here:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374631&Culture=en-US

You can also view all of our previous webcasts on demand. Just go here to find them:
http://www.microsoft.com/events/security/ondemand.mspx

Thanks and I hope you can join us in August!

Jerry Bryant

*This posting is provided "AS IS" with no warranties, and confers no rights.*


Hi. Bill here. 

 

Today we released Microsoft Security Advisory (956187) to warn you of public exploit code available for Microsoft Security Bulletin MS08-037 (Vulnerabilities in DNS Could Allow Spoofing (953230)).

 

We have investigated the public exploit code and have determined that customers who have installed Microsoft Security Bulletin MS08-037 are not affected.

 

As you may recall, MS08-037 was released in coordination with other DNS vendors across the industry that were also impacted by this vulnerability.

 

We have not seen any active attacks as of yet. However, we are monitoring the situation and are working with our MSRA partners to monitor and help protect customers. We will update the Advisory and blog as new information becomes available.

 

Thanks,

 

Bill Sisk 

 

 *This posting is provided "AS IS" with no warranties, and confers no rights.*

Hi. Bill here.

 

I want to let you know that customers running Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 may experience an issue installing the update provided in Microsoft Knowledge Base Article 954960. The update does not correctly elevate privileges, which are required for the installation to complete. In order to successfully install this update we have identified steps in Advisory 954960.

 

Additionally, the update does not place an entry in Add or Remove Programs, and cannot be uninstalled. Microsoft has identified the packaging inconsistencies in the current update and is investigating options to resolve them.

 

We will continue to monitor the situation and post updates to the advisory and the MSRC blog as we become aware of any important new information.

Thanks,

Bill

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hello,

This is Christopher Budd. I wanted to take a moment and let you know about a revision that we’ve made to MS08-037 today.

After the release of  MS08-037, we became aware of reports of ZoneAlarm customers experiencing issues after applying the security updates. We started investigating these reports as soon as we heard about them and have been working to research this issue. We’re still working on this issue but we do have some information from our investigation so far, which we’ve put into the bulletin.

Specifically, we’ve identified that customers who are running either ZoneAlarm or Check Point Endpoint Security (previously named Check Point Integrity) who apply MS08-037 may lose network connectivity after applying these updates. Our investigation so far has shown that no other customers are affected by this issue.

We’re still investigating this issue but we encourage customers who are using ZoneAlarm to review the appropriate ZoneAlarm Web site and Check Point Endpoint customers to  review the appropriate Check Point Web site for the latest guidance or software updates and factor this information into your risk assessment, testing, and deployment planning.

We will update the bulletin and the MSRC weblog with more information as we have it.

Thanks.

Christopher

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hi. Bill here.

 

I want to let you know that we updated Microsoft Security Advisory 954960, which contains information regarding deployment issues with Microsoft Windows Server Update Services (WSUS) version 3.0 and 3.0 Service Pack 1. Under specific conditions, the issue does not let clients detect any updates from a WSUS server on systems with Microsoft Office 2003 installed.

 

We have released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.

 

This issue is not related to Microsoft Security Advisory 954474 where systems were blocked from deploying security updates using System Center Configuration Manager 2007.

 

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hello, Bill here,

I wanted to let you know that we have just posted Microsoft Security Advisory (953635).

This advisory contains information regarding a new public report of a possible vulnerability within Microsoft Office Word which could allow for remote code execution. Our investigation thus far has shown that this vulnerability affects Microsoft Office Word 2002 Service Pack 3 only.

At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability, but we will continue to track this issue. 

The advisory contains workarounds that customers can use to help protect themselves. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release.

We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.

In the meantime, we encourage customers to review the advisory and implement the workarounds.

Bill Sisk

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hi,

Simon here again – I just wanted to follow up on the SQL update detection issue I mentioned below. We’ve released updated WU/MU detection and an updated WSUS catalog to resolve this issue.

Cheers,

Simon

Release Manager, MSRC

 

July 2008 Monthly Bulletin Release

 

I'm Simon, Release Manager in the MSRC.  The July 2008 release contains 4 new bulletins, all with maximum severities of "Important".

 

MS08-037            Vulnerabilities in DNS Could Allow Spoofing (953230)

 

MS08-038            Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)

 

MS08-039            Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

 

MS08-040            Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

 

For a technical deep dive regarding these bulletins, please visit our Security Vulnerability Research and Defence blog.

 

If you have the Windows Internal Database (Microsoft Windows 2003 or Microsoft Windows 2008) installed or enabled without SQL Server 2005 SP2 and you have opted into Microsoft Update, the SQL Server 2005 service pack 2 update may be offered incorrectly and fail to install. The Windows Internal Database will be updated as expected, since the Windows Internal Database update is also offered.  Microsoft is working on resolving this issue and will be updating the detection logic to avoid the incorrect offering.

 

In addition, we’ll also be releasing an infrastructure update to the Windows Update client itself later this month, which has been standard practice for over 8 years. Windows Vista customers who select “never check for updates” (and Windows XP customers who select “turn off Automatic Update”) in their WU settings will not receive this WU infrastructure update unless they elect to install it manually by visiting Windows Update. For more information, please visit the Microsoft Update blog.

 

Please join us for the regular monthly security bulletin webcast, Wednesday July 9, 11:00 PDT (GMT -7). We'll have an overview of the July bulletins, and you'll have the opportunity to ask us questions around the release.

 

Cheers,

 

Simon

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hi. Bill here.

 

I want to let you know that we have just posted Microsoft Security Advisory 955179, which contains information regarding active, targeted attacks using a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access.

 

The Snapshot Viewer enables you to view a report snapshot without having the standard or run-time versions of Microsoft Office Access.

 

The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.

 

We’ve activated our Software Security Incident Response Process (SSIRP) to investigate and have identified steps customers can take to protect themselves in the workaround section.

 

We encourage affected customers to implement the manual workarounds included in the Advisory, which Microsoft has tested. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors.

 

While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA partners to help protect customers. We will update the Advisory and this blog as new information becomes available.

 

Thanks,

 

Bill Sisk

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Hello, Bill here.

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, July 8, 2008 around 10 a.m. Pacific Standard Time.

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

 

·        Four Microsoft Security Bulletins rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

 

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

 

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

 

Finally, in late July, we’ll also be releasing KB946928 which updates the infrastructure of the Windows Update client itself. For more information on this update, please visit the Microsoft Update blog