msrc

Further Insight into Security Advisory 979352 and the Threat Landscape

Sunday, January 17, 2010

Hi All, We wanted to provide you some insight into the vulnerability reported in Microsoft Security Advisory 979352, which is related to our ongoing investigation into the recently publicized attacks against Google and other large corporate networks. We understand that there is a lot of noise about this topic right now and we know that our customers are receiving a lot of information about this situation from a variety of sources, so we want to provide some additional insight.

Advisory 979352 Updated

Friday, January 15, 2010

Hello, Today we updated Security Advisory 979352 to let customers know that we are aware that exploit code for the vulnerability used in recent attacks against IE 6 users, has now been made public. Information on which versions of Internet Explorer are vulnerable and what customers can do to protect themselves is included in the updated Security Advisory.

• Exploitability
• Internet Explorer (IE)
• Security Advisory

January Security Bulletin Webcast

Friday, January 15, 2010

Hello again. To close out our January security bulletin release, we have posted the questions and answers from Wednesday’s webcast and embedded the video below. Since we only had one bulletin, the presentation was pretty short and most of the questions were concerning the Adobe Flash Player advisory we released.

Monthly Security Bulletin Webcast Q&A - January, 2010

Friday, January 15, 2010

Hosts: Dustin Childs, Security Program Manager Jerry Bryant, Senior Security Program Manager Lead Website: TechNet/security Chat Topic: January 2010 Security Bulletins Date: Wednesday, January 13, 2010 Q: Will installing the latest version of Adobe Flash Player uninstall Adobe Flash Player 6, or am I required to use the removal tool first before installing?

• Pages
• Security Bulletin
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A

Security Advisory 979352 Released

Thursday, January 14, 2010

Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks. Today, Microsoft issued guidance to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer. Additionally, we are cooperating with Google and other companies, as well as authorities and other industry partners.

• Defense-in-depth
• Exploitability
• Internet Explorer (IE)
• Security Advisory
• Workarounds
• Zero-Day Exploit

January 2010 Security Bulletin Release

Tuesday, January 12, 2010

Summary of Microsoft’s Security Bulletin Release for January 2010 Hi Everyone, We hope that 2010 is off to a good start for you. For our first bulletin release of the New Year, we have one Critical bulletin affecting all versions of Windows. The bulletin, MS10-001, addresses one vulnerability in the Embedded OpenType Font Engine and is Critical on Windows 2000.

• Exploitability
• Malicious Software Removal Tool (MSRT)
• Microsoft Windows
• Risk Assessment
• Security Advisory
• Security Bulletin
• Security Development Lifecycle (SDL)
• Security Update
• Video

January 2010 Bulletin Release Advance Notification

Thursday, January 07, 2010

Advance Notification for the January 2010 Security Bulletin Release It may be a new year but here in the Microsoft Security Response Center, it is business as usual. This month we have one bulletin addressing a single vulnerability in Windows. The vulnerability is critical on Windows 2000 and low for all other platforms.

• Security Bulletin
• Security Update

Results of Investigation into Holiday IIS Claim

Tuesday, December 29, 2009

We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS. What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.

New Reports of a Vulnerability in IIS

Sunday, December 27, 2009

Hi everyone, On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a non-default, unsafe configuration in order to be vulnerable.

• Emerging Threat
• Risk Assessment

December 2009 Security Bulletin Webcast

Friday, December 11, 2009

Hello again. This is Jerry Bryant letting you know that the questions and answers from the December 2009 security bulletin webcast have now been posted here. There is one question that I wanted to provide a little more information on and that references reports of KB973917 causing problems with Internet Information Services (IIS) 6.