Skip to main content
MSRC

Update on today's out of band release

Hi everyone, Scott here to tell you about today’s out of band release. Everything should be available at this point.

With this particular vulnerability, the biggest concern we had was around risk. This one affected many different platforms in many scenarios that are considered by customers to be common usage. While the attacks we saw were very limited, our decision to go out of band on this release was really around the risk in combination with the attacks. Through some really top notch effort by all our testing teams, we were able to reach our quality bar far sooner than we originally anticipated. Yesterday we really became confident in our final checklists that we could release it and so we have done so. Please be sure you check out the security bulletin for all the information about this update:

http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

One thing to note, we recommend that you undo any of the previously recommended workarounds involving VGX.DLL before applying this update. Information on how to undo those workarounds is detailed in the bulletin. This is very important because if you do not revoke the VGX.DLL changes, the update could fail to install or deploy.

Lastly as Craig mentioned earlier, we’ve also re-released MS06-049 today. This bulletin was re-released to address a niche issue involving data corruption in combination with NTFS compression for Windows 2000 customers. The original update protected against the vulnerability, but we wanted to make sure we were addressing the compression issue for customers.

Thanks
Scott

*This posting is provided “AS IS” with no warranties, and confers no rights.*


How satisfied are you with the MSRC Blog?

Rating

Feedback * (required)

Your detailed feedback helps us improve your experience. Please enter between 10 and 2,000 characters.

Thank you for your feedback!

We'll review your input and work on improving the site.