Skip to main content
MSRC

2009

January 2009 Monthly Bulletin Release

Tuesday, January 13, 2009

Happy New Year to everyone. As Bill noted in his posting on Thursday, we are releasing one new bulletin today, MS09-001. This bulletin is rated as ‘Critical’ for Windows 2000, Windows XP and Windows Server 2003 and is rated as ‘Moderate’ for Windows Vista and Windows Server 2008. My colleague Mark Wodrich has put together a posting over at the Security Vulnerability Research and Defense (SVRD) weblog which explains more about the vulnerability and the Exploitability Index rating.

Learning by our mistakes

Monday, January 12, 2009

Mike Andrews here. With a very broad brush, the vulnerabilities we see can be split into two categories – flaws and bugs. Flaws are inherent problems with the design of a system/application – Dan Kaminskys’ DNS vulnerability would be a good example. Bugs, on the other hand, are issues with the implementation of the software, and the classic example would be a buffer overflow.

MS09-001: Prioritizing the deployment of the SMB bulletin

Friday, January 09, 2009

This month we released an update for SMB that addresses three vulnerabilities. This blog post provides additional information that might help prioritize the deployment of this update, and help explain the risk for code execution. In the bulletin you will see that the cumulative severity rating is Critical for Windows 2000, XP and Server 2003 systems, while Vista and Server 2008 have cumulative severity ratings of Moderate.

January 2009 Advanced Notification

Thursday, January 08, 2009

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Jan. 13, 2009 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

Monthly Security Bulletin Webcast Q&A - December 2008

Friday, January 02, 2009

Register now for the January 2009 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: December 2008 Security Bulletin Date: Wednesday, December 10, 2008 Q: SANS reported a 0 day not patched in MS08-073; can we anticipate another “out of band” patch if and when Microsoft confirms the vulnerability?