Skip to main content
MSRC

2008

Update on MS08-067 and Microsoft Security Advisory 958963

Friday, October 31, 2008

Hi, this is Christopher Budd. As we go into the weekend I wanted to take a moment and give you an update on the latest information around MS08-067 and Microsoft Security Advisory 958963. Essentially there is no new information to report. We’ve seen no significant changes in the threat landscape since our posting of Microsoft Security Advisory 958963 on Monday.

Read More

Observations from the EcoStrat-isphere

Thursday, October 30, 2008

** Handle:** Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change - the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk, egos As part of the quest to help “secure the planet”, our team travels over this planet a lot, and I wanted to highlight a few of the interesting security gatherings I’ve been to lately.

Read More

Microsoft out-of-band Security Bulletin (MS08-067) Webcast Q&A

Monday, October 27, 2008

Register now for the November 2008 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: Microsoft out-of-band Security Bulletin (MS08-067) TechNet Webcast Date: Thursday, October 23, 2008 and Friday, October 24, 2008 Note: The below questions were submitted from webcast attendees and are not necessarily in the order they were addressed during webcast.

Read More

Microsoft Security Advisory 958963

Monday, October 27, 2008

Hey folks, Mike Reavey here, It’s been almost five days since we originally released MS08-067, and our tracking shows that security deployments remain strong. We’re also still unaware of any application compatibility issues with this update. Like we’ve said, we’re continuing to watch the threat environment. Yesterday, we said that our analysis of public exploit code that was available showed it would always result in a denial of service.

Read More

Out-Of-Band Security Bulletin Webcast Questions and Answers - MS08-067

Monday, October 27, 2008

Hi, On Thursday, October 23, 2008, Microsoft released an Out-Of-Band Security Bulletin (MS08-067). To meet the customer demand for information relating to this release, Microsoft conducted three customer webcasts. Two of these webcasts were conducted on Thursday, October 23rd and the other on Friday, October 24th. The link below will direct you to a collection of all questions answered during the three webcasts.

Read More

Update on MS08-067

Sunday, October 26, 2008

Hello everyone, This is Christopher Budd once again. As I said in my last post, we aren’t done when we release an update. Our response teams are constantly watching the situation around the world to understand as much as possible what’s going on with things like the threat environment and the state of security update deployments.

Read More

Most common questions that we've been asked regarding MS08-067

Saturday, October 25, 2008

Since the release we have received several great questions regarding MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx), thus we decided to compile answers for them. We still want to encourage everyone to apply the update. Can the vulnerability be reached through RPC over HTTP? No, the vulnerability cannot be reached through RPC over HTTP. RPC over HTTP is an end-to-end protocol that has three roles: client, proxy and server.

Read More