During the security bulletin webcast for June 2009, we answered a wide array of questions around the 10 bulletins we released. Of primary interest to customers, based on the number of questions we received on the topic, is the RPC issue addressed by MS09-026. As this issue affects third party products that utilize RPC in Windows, customers wanted to know if there is a way to tell if their third party product was vulnerable. First, we are not aware of any applications that are vulnerable to this issue at this time. Second, we recommend that you consult with your application developer as they are in the best position to analyze their code for this issue. To help with this, the Security Research & Defense team posted guidance to their blog on “How a developer can know if their RPC interface is affected”.
The complete list of questions and answers from the webcast is now posted here:
http://blogs.technet.com/msrc/pages/monthly-security-bulletin-webcast-q-a-june-2009.aspx
Also, here is the link to the Q&A index page in case you want to view previous months:
http://blogs.technet.com/msrc/pages/microsoft-security-bulletin-webcast-q-a-index-page.aspx
The video of this month’s webcast is just over an hour long as we had 10 bulletins and a couple of advisories to cover. The Q&A portion starts at around 39 minutes in if you want to skip to that portion.
More listening and viewing options: - Windows Media Video (WMV) - Windows Media Audio (WMA) - Large Preview Image (PNG) - Small Preview Image (PNG) - iPod Video (MP4) - MP3 Audio - Streaming WMV (512kbps) - High Quality WMV (2.5 Mbps) - Zune Video (WMV) |
---|
Every month in the webcast, we cover an aggregate severity and exploitability index ratings slide that we think is useful as a quick reference when doing a risk assessment. Here is that slide for your reference in case you were not able to attend the webcast or print the slides out during the webcast:
Finally, there are two additional items I want to mention that we covered in the webcast this month:
First, we put out a call for feedback on the Exploitability Index. The index provides customers with guidance on the likelihood of functioning exploit code being developed in the first 30 days for vulnerabilities addressed in our bulletins. This index has been available now for 9 months and we want to get your feedback on it positive or negative and how you use it in your risk assessments. To submit your feedback, simply email it to msrcteam@microsoft.com.
The second thing we covered that I wanted to mention here is that Office Update is retiring. Starting August 1, 2009, we will discontinue support for Office Update and the Office Update Inventory Tool. At that time, to continue receiving updates for Office products, you will need to use Microsoft Update. For more information see the FAQ (http://office.microsoft.com/en-us/downloads/FX010402221033.aspx).
As always, customers experiencing issues installing any of the updates this month should contact our Customer Service and Support group:
Customers in the U.S. and Canada can receive technical support from Microsoft Customer Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
Please join us for our next live webcast on July 14, 2009 at 11:00 am PDT (UTC –7). Follow this link to pre-register:
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032407482
Hope to see you then!
Jerry Bryant
*This posting is provided “AS IS” with no warranties, and confers no rights.*