Skip to main content
MSRC

Month Archives: November 2008

MS08-067 Update: November 25

Tuesday, November 25, 2008

Hi, this is Bill Sisk A while back we discussed the fact that we’re likely to see new pieces of malware over the coming weeks that exploit the vulnerability resolved in MS08-067. Recently we’ve received a string of reports from customers that have yet to apply the update and are infected by malware.

Read More

Good Things Come in Blue Packages

Thursday, November 20, 2008

Hello everyone, Celene Temkin here from the MSRC Ecosystem Strategy Team. BlueHat v8: C3P0wned ended a month ago and the success of the con lives on in the outstanding training and networking done between Microsoft employees and external speakers and guests. I’m happy to say the speaker video interviews, podcasts, anecdotes and archives are live on the BlueHat TechNet Page.

Read More

Monthly Security Bulletin Webcast Q&A – November, 2008

Friday, November 14, 2008

Register now for the December 2008Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: November 2008 Security Bulletin Date: Wednesday, November 11, 2008 Q: Along with the expected updates, my Windows Server Update Services (WSUS) servers picked up KB948110, an update for SQL Server 2000 Service Pack 4, during the same sync on Wednesday morning.

Read More

Security Bulletin Webcast Questions and Answers - November 2008

Friday, November 14, 2008

Hi, During this month’s webcast we were able to address 12 questions in the time allotted. The questions were spread fairly evenly across both bulletins. We also fielded questions regarding the Exploitability Index and the MS08-067 form the October Out-of-Band Release. Here is the link to the full Q&A so you can see all of the answers that were provided for these great questions:

Read More

One Month Analysis: Exploitability Index

Wednesday, November 12, 2008

Handle: Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns Hey folks – We’ve just released the November Security Bulletins and that also marks the one-month point after the release of the initial Exploitability Index in October.

Read More

MS08-068 and SMBRelay

Tuesday, November 11, 2008

Hi, this is Christopher Budd. We’ve received some questions from customers about MS08-068 and its relationship to an issue that was first discussed in 2001, called the SMBRelay attack. Specifically, we’ve gotten some questions about why, in 2008, we’re releasing an update that addresses an issue first discussed in 2001. Since I was in the MSRC back in 2001 when this was all first discussed, I feel well placed to answer that.

Read More