Hi everyone, Scott here to tell you about today’s out of band release. Everything should be available at this point.
With this particular vulnerability, the biggest concern we had was around risk. This one affected many different platforms in many scenarios that are considered by customers to be common usage. While the attacks we saw were very limited, our decision to go out of band on this release was really around the risk in combination with the attacks. Through some really top notch effort by all our testing teams, we were able to reach our quality bar far sooner than we originally anticipated. Yesterday we really became confident in our final checklists that we could release it and so we have done so. Please be sure you check out the security bulletin for all the information about this update:
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx
One thing to note, we recommend that you undo any of the previously recommended workarounds involving VGX.DLL before applying this update. Information on how to undo those workarounds is detailed in the bulletin. This is very important because if you do not revoke the VGX.DLL changes, the update could fail to install or deploy.
Lastly as Craig mentioned earlier, we’ve also re-released MS06-049 today. This bulletin was re-released to address a niche issue involving data corruption in combination with NTFS compression for Windows 2000 customers. The original update protected against the vulnerability, but we wanted to make sure we were addressing the compression issue for customers.
Thanks
Scott
*This posting is provided “AS IS” with no warranties, and confers no rights.*