The February 2010 Security Bulletin Release

Just an FYI that today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office.

With the release of the bulletins for February 2010, this bulletin summary replaces the bulletin advance notification originally issued February 4, 2010. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

Microsoft is hosting a webcast to address customer questions on these bulletins on February 10, 2010, at 11:00 AM Pacific Time (US & Canada). Register now for the February Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

For all the news and latest details see http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx

J.C. Hornbeck | System Center Knowledge Engineer

February 2010 Bulletin Release Advance Notification

Looks like the folks at the MSRC just released the February bulletin information through our Advance Notification Service (ANS). This month we'll be releasing 13 bulletins: Five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities in all.

For all the details check out their post on this at http://blogs.technet.com/msrc/archive/2010/02/04/february-2010-bulletin-release-advance-notification.aspx

J.C. Hornbeck | System Center Knowledge Engineer

Security Advisory 980088 was released today

Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode, an attacker may be able to access files with an already known filename and location. These versions include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.

For all the details see http://www.microsoft.com/technet/security/advisory/980088.mspx

We also have one of our cool new Fix Its that will automagically make the appropriate changes for you: http://support.microsoft.com/?kbid=980088

J.C. Hornbeck | System Center Knowledge Engineer

Microsoft Security Bulletin MS10-002 (978207) released today

This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate.

For all the details see http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

J.C. Hornbeck | System Center Knowledge Engineer

Microsoft Security Advisory (979682) is now released

Yesterday we released Security Advisory 979682 to address an Elevation of Privilege (EoP) vulnerability in the Windows kernel, affecting all currently supported versions of 32-bit Windows. 64-bit versions of Windows, including Windows Server 2008 R2, are not affected. The advisory provides customers with actionable guidance to help with protections against exploit of this vulnerability.

To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system. An attacker could then elevate their privileges to the administrative level and run programs of their choice on the system.

For all the details see http://www.microsoft.com/technet/security/advisory/979682.mspx

J.C. Hornbeck | System Center Knowledge Engineer

Support for Windows XP SP2 and Windows 2000 ends on July 13, 2010

I know this isn't necessarily WSUS specific but I figured that some of you may still have some old Windows 2000 or Windows XP SP2 systems running out there and would appreciate the heads up.

As the title says, Windows XP SP2, Windows 2000 Server and Windows 2000 Professional are reaching End of Support (EOS) on July 13, 2010 (and Windows Vista RTM End of Support is on April 13, 2010). This means that regular Microsoft support and free access to security updates will come to an end for those products on those dates.

To help with planning your migration strategy to Windows 7, Windows Server 2003, Windows Server 2008 or Windows Server 2008 R2, we have the Windows 2000 End-of-Support Solution Center which is a fantastic place to start.  It has information on planning your move, migrating clients and server roles, Small Business Server, Application Compatibility and much much more.  It's a definite must-see site and you can check out all the details at http://support.microsoft.com/win2000.

For more information see the Microsoft Support Lifecycle Policy.

J.C. Hornbeck | System Center Knowledge Engineer

Security Bulletin MS10-002 to be released tomorrow, January 21st, 2010

Microsoft Security Bulletin Advance Notification issued: January 20, 2010
Microsoft Security Bulletins to be issued: January 21, 2010

This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on January 21, 2010. The bulletin will be for Internet Explorer to address limited attacks against customers of Internet Explorer 6, as well as fixes for vulnerabilities rated Critical that are not currently under active attack.

This bulletin advance notification will be replaced with the January bulletin summary on January 21, 2010. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the out-of-band bulletin on January 21, 2010, at 1:00 PM Pacific Time (US & Canada). Register now for the January 21, 1:00 PM Webcast. Afterwards, the Webcast is available on-demand. For more information, see the following:

http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx

J.C. Hornbeck | System Center Knowledge Engineer

All the info on Security Advisory 979352

There's been a lot of news around Security Advisory 979352 so I thought I'd take a minute and give a summary of the major links from the MSRC that have come across my desk since it was released last Thursday. You all have probably already seen all of these but just in case you haven't, here's where we are:

Thursday, 1/14/2010 : Security Advisory 979352 Released

Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks. Today, Microsoft issued guidance to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer. Additionally, we are cooperating with Google and other companies, as well as authorities and other industry partners….

Friday, 1/15/2010 : Advisory 979352 Updated

Today we updated Security Advisory 979352 to let customers know that we are aware that exploit code for the vulnerability used in recent attacks against IE 6 users, has now been made public. Information on which versions of Internet Explorer are vulnerable and what customers can do to protect themselves is included in the updated Security Advisory….

Sunday, 1/17/2010 : Further Insight into Security Advisory 979352 and the Threat Landscape

We wanted to provide you some insight into the vulnerability reported in Microsoft Security Advisory 979352, which is related to our ongoing investigation into the recently publicized attacks against Google and other large corporate networks. We understand that there is a lot of noise about this topic right now and we know that our customers are receiving a lot of information about this situation from a variety of sources, so we want to provide some additional insight….

Monday, 1/18/2010 : Advisory 979352 Update for Monday January 18

For today’s update we want to share some insight on the current threat landscape for Security Advisory 979352, some new resources we have published and the current status on producing a security update. As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6….

Tuesday, 1/18/2010 : Security Advisory 979352 – Going out of Band

We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability.

Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks.  To date, the only successful attacks that we are aware of have been against Internet Explorer 6.  We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers.  We also recommend customers consider deploying the workarounds and mitigations provided in  Security Advisory 979352….

J.C. Hornbeck | System Center Knowledge Engineer

List of all Software Update Services and Windows Server Update Services changes in content for 2009

Just an FYI on a new KB article that we recently published. This one contains a cumulative list of content changes that have been made available for WSUS, Windows Update and Microsoft Update that were made on or after January 13, 2009.

Administrators can use this list both as a quick reference to content changes that have been made during routine synchronizations and as an explanation of these changes. This information will be updated either during our regular update releases on the second and fourth Tuesday of every month or whenever an unscheduled update is released.

For all the details see:

KB979198 - Description of Software Update Services and Windows Server Update Services changes in content for 2009

J.C. Hornbeck | System Center Knowledge Engineer

Microsoft Security Bulletin MS10-001 - Critical

Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)

Published: January 12, 2010

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Microsoft Windows 2000, and is rated Low for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

For all the details see http://www.microsoft.com/technet/security/bulletin/ms10-001.mspx

J.C. Hornbeck | System Center Knowledge Engineer

January 2010 Bulletin Release Advance Notification

This is an advance notification of security bulletins that Microsoft is intending to release on January 12, 2010.

This bulletin advance notification will be replaced with the January bulletin summary on January 12, 2010. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on these bulletins on January 13, 2010, at 11:00 AM Pacific Time (US & Canada). Register now for the January security bulletin webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

For all the details on tomorrow's security bulletin release see http://www.microsoft.com/technet/security/bulletin/MS10-jan.mspx.

J.C. Hornbeck | System Center Knowledge Engineer

Error code when you use Windows Update or Microsoft Update to install updates: 0x737D

Just an FYI on a new KB article that we recently published. This one discusses an issue where, when you install updates by using Windows Update or Microsoft Update, you receive the following error code:

0x737D

Additionally, you may receive the following error message:

SQL Server Setup cannot upgrade the specified instance because the previous upgrade did not complete.

For all the details and the resolution see KB978597 - Error code when you use Windows Update or Microsoft Update to install updates: "0x737D"

J.C. Hornbeck | System Center Knowledge Engineer

EEHndlr WARNING: Failed to populate ServiceStartup entries in Cache: error 0x80070002

The EMEA Core Team posted a great tip on a WSUS-related error they've been seeing lately:

When running updates from WSUS 3.0 SP1 we are seeing the following error messages in the Windows Update Agent Log File C:\Windows\WindowsUpdate.log.  We see these messages on all of our target Windows 2003 SP2 x64 servers WindowsUpdate:

2009-01-21 08:50:02:878 816 f2c PT +++++++++++ PT: Synchronizing server updates +++++++++++
2009-01-21 08:50:02:878 816 f2c PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = http://slon123456.csfb.cs-group.com/ClientWebService/client.asmx
2009-01-21 08:50:03:284 816 f2c EEHndlr WARNING: Failed to populate ServiceStartup entries in Cache: error 0x80070002
2009-01-21 08:50:04:346 816 f2c EEHndlr WARNING: Failed to populate ServiceStartup entries in Cache: error 0x80070002
2009-01-21 08:50:04:362 816 f2c EEHndlr WARNING: Failed to populate ServiceStartup entries in Cache: error 0x80070002
2009-01-21 08:50:04:378 816 f2c EEHndlr WARNING: Failed to populate ServiceStartup entries in Cache: error 0x80070002
2009-01-21 08:50:04:518 816 f2c PT +++++++++++ PT: Synchronizing extended update info +++++

If you're seeing similar issues when running updates then check out their resolution here:

http://blogs.technet.com/emeasetup/archive/2009/03/17/eehndlr-warning-failed-to-populate-servicestartup-entries-in-cache-error-0x80070002.aspx

J.C. Hornbeck | System Center Knowledge Engineer

December 2009 Security Bulletin Webcast

Looks like the MSRC posted the December security bulletin webcast last Friday:

There is one question that I wanted to provide a little more information on and that references reports of KB973917 causing problems with Internet Information Services (IIS) 6.0 running on Windows Server 2003 SP2. There are scenarios where the system can be in a state where the correct core IIS .dll files are not in place. This may be the case if SP2 did not install correctly or if IIS 6.0 was installed on the system from a Windows Server 2003 Gold or SP1 CD after SP2 was installed. KB2009746 has more information on this and how to resolve the issue which is to essentially reinstall SP2 to get the right binaries on the machine.

To be clear, KB973917 references a non-security update that implements Extended Protection for Authentication in IIS. This is part of our overall work to address credential relaying attacks on Integrated Windows Authentication as described in Security Advisory 974926 that we released on Tuesday. The updates in question are not addressing vulnerabilities and I just wanted to clarify that point. To learn more about this work, please read the advisory and also this excellent blog post by Maarten Van Horenbeeck from the MSRC: http://blogs.technet.com/srd/archive/2009/12/08/extended-protection-for-authentication.aspx.

At this time, our Customer Service and Support group are not reporting any major issues with this month’s bulletins. If you do experience any issues obtaining or installing security updates, please visit https://consumersecuritysupport.microsoft.com for some great trouble shooting tips as well as various support options. You can also call 1-866-PCSafety (1-866-727-2338) in the US. For more regional contact numbers, please visit http://support.microsoft.com.

For all the details see http://blogs.technet.com/msrc/archive/2009/12/11/december-2009-security-bulletin-webcast.aspx

J.C. Hornbeck | System Center Knowledge Engineer

Summary of Microsoft’s Security Bulletin Release for December 2009

From the MSRC blog:

As noted in our Advance Notification (ANS) last Thursday, for the December bulletin release we issued six security bulletins addressing 12 vulnerabilities. Affected products include Windows, Internet Explorer (IE) and Microsoft Office products.

In the ANS, we also noted that the bulletin for IE (MS09-072) is at the top of our deployment priority list this month. As you can see from our Severity and Exploitability Index slide (also referred to as the Risk and Impact slide), MS09-072 is the only bulletin this month that has both a Critical severity rating and our maximum Exploitability Index rating of 1. Of note, each of the five vulnerabilities addressed in this bulletin are Critical and each also have an Exploitability Index rating of 1. One of the vulnerabilities was the subject of Security Advisory 977981 due to public disclosure and affects IE 6 and IE 7 so customers running those versions should install this update as soon as possible.

For all the details see http://blogs.technet.com/msrc/archive/2009/12/08/december-2009-security-bulletin-release.aspx

J.C. Hornbeck | System Center Knowledge Engineer
