Hi everyone, Mike Reavey here to tell you about today’s security bulletin and some other offerings to help protect and provide guidance for customers.
Today’s release includes one bulletin affecting Windows 2000. It’s rated as “Important”. (This update addresses the recently disclosed “greymagic” vulnerability that Stephen blogged about a few weeks back.)
You might have read recently about our new pilot offering, Microsoft Security Advisories. The goal of security advisories are to provide guidance and information about security related changes that may not require a security bulletin but that may still impact customers’ overall security. So today we are releasing a couple of security advisories that cover two recent “defense in depth” security related changes to our products. Here are the links to the two advisories:
-
Microsoft Security Advisory (892313): Default Setting in Windows Media Player Digital Rights Management Could Allow a User to Open a Web Page Without Requesting Permission
(http://www.microsoft.com/technet/security/advisory/892313.mspx)
-
Microsoft Security Advisory (842851): Reducing the email address enumeration threat in SMTP When Using Exchange Server (http://www.microsoft.com/technet/security/advisory/842851.mspx)
One thing that’s really important is feedback! We’re definitely interested in hearing your thoughts on security advisories and the information we cover in them. You can send us feedback by using the ‘Contact Us’ feature on the advisories. We are also conducting an online survey to gather information from customers on the value of the content included in Microsoft security bulletins. Customers can participate by visiting the Security Bulletin Search page.
And if you’re going to TechEd Orlando, I’ll be there and want to meet you! We’re going to conduct focus groups at at TechED, June 5-10, 2005 to gather feedback on how we can make the security bulletin offering more valuable for customers. We’ll even have some incentives for participating. Interested participants should email my team at msrctalk@microsoft.com.
Lastly, each month we make additions to the Windows Malicious Software Removal Tool, and this month is no different. The tool has also been updated this month to remove variants of Sdbot and Ispro, also referred to as “Delprot.” Customers can download the tool here.
And of course, we will hold a technical webcast on Wednesday morning to discuss this month’s updates. Registration for the regular, monthly technical webcast on Wednesday, May 11th at 11:00 AM PDT is available here.
-Mike Reavey, MSRC Operations manager
*This posting is provided “AS IS” with no warranties, and confers no rights.*