What is Toluu?
Toluu is a free service for sharing the feeds you read and discovering new ones.		 Get Invite

Welcome to the Microsoft Security Response Center Blog!

Working to help protect customers from vulnerabilities in Microsoft software


December 2008 Advanced NotificationYesterday

Hello, Bill here.

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Dec. 9, 2008 around 10 a.m. Pacific Standard Time.

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release eight security bulletins:

 

·        Six Microsoft Security Bulletins rated as Critical and two rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

 

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

 

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Ser

MS08-067 Update: November 25November 25

 Hi, this is Bill Sisk

A while back we discussed the fact that we’re likely to see new pieces of malware over the coming weeks that exploit the vulnerability resolved in MS08-067.

 

Recently we’ve received a string of reports from customers that have yet to apply the update and are infected by malware. These most recent reports have a common malware family, and the folks in the Microsoft Malware Protection Center (MMPC) have provided detailed information regarding this latest threat. The detailed write-ups regarding this threat can be found here and here. It’s important to note that customers who have installed MS08-067 are not affected.

 

Signatures have also been included to protect against it in the Windows Live Safety scanner – customers that think they might be infected can run that for free by visiting http://

Security Bulletin Webcast Questions and Answers - November 2008November 14

Hi,

 

During this month’s webcast we were able to address 12 questions in the time allotted. The questions were spread fairly evenly across both bulletins. We also fielded questions regarding the Exploitability Index and the MS08-067 form the October Out-of-Band Release.

 

Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:

http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-November-2008.aspx

 

Also, here is the link to the Q&A index page in case you want to view previous months:

http://blogs.technet.com/msrc

MS08-068 and SMBRelayNovember 11

Hi, this is Christopher Budd.

We’ve received some questions from customers about MS08-068 and its relationship to an issue that was first discussed in 2001, called the SMBRelay attack.

Specifically, we’ve gotten some questions about why, in 2008, we’re releasing an update that addresses an issue first discussed in 2001. Since I was in the MSRC back in 2001 when this was all first discussed, I feel well placed to answer that.

At a high level, the behavior that was discussed in the original SMBRelay attack is related to some of the basic behavior of the legacy NTLM protocol. When this issue was first raised back in 2001, we said that we could not make changes to address this issue without negatively impacting network-based applications. And to be clear, the impact would have been to render many (or nearly all) customers’ network-based applications then inoperable. For instance, an Outlook 2000 client wouldn’t have been able to communicate with an Exchange 2000 server. We did say that customers who were concerned about this issue could use SMB signing as an effective mitigation, but, the reality was that there were similar constraints that made it infeasible for customers to implement SMB signing.

After saying that, though, the matter wasn’t closed for us. Since then we’ve been looking at this issue to see if there’s a way we can address this issue that d

November 2008 Bulletin ReleaseNovember 11

Hi! This is Tami Gallupe, MSRC Release Manager and I just wanted to give you an update on the two bulletins we released today:

                 MS08-068: Vulnerability in SMB Could Allow Remote Code Execution (957097). This has a severity rating of Important. 

                 MS08-069: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218). This has a severity rating of Critical.

This information, and more, is also documented in the Microsoft Security Bulletin Summary for November 2008, and you can also read this month’s Security Vulnerability Research & Defense blog at http://blogs.technet.com/swi/ where the team dives into more technical details about this month’s release. 

I hope you will also join us for the webcast that starts tomorrow (Wednesday, November 12th) at 11:00 AM PST.  I value this event as it gives us a chanc