MSRC

Update - Restart Issues After Installing MS10-015 and the Alureon Rootkit

Wednesday, February 17, 2010

Hi, We wanted to provide you with an update on our ongoing investigation into the “blue screen” issues affecting a limited number of customers who installed MS10-015. We have been working around the clock with our customers, partners and several teams at Microsoft to determine the cause of these issues. Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit.

• Malicious Software (Malware)
• Security Bulletin
• Security Update
• Virus

Update - Restart Issues After Installing MS10-015

Friday, February 12, 2010

In our continuing investigation in to the restart issues related to MS10-015 that a limited number of customers are experiencing, we have determined that malware on the system can cause the behavior. We are not yet ruling out other potential causes at this time and are still investigating. Please review our blog post from yesterday for additional information.

• Microsoft Windows
• Mitigations
• Security Update

February 2010 Security Bulletin Webcast

Thursday, February 11, 2010

Hi everyone, As we do every month following our public webcast, we have posted the questions and answers (which you can find here) and the recorded webcast below. This month there were no particular themes that emerged in the questions. They ranged from wanting clarification of what it means when we say something is “public” to questions like “Will applying Enable_SSL_Renegotiate_Workaround.

Monthly Security Bulletin Webcast Q&A - February 2010

Thursday, February 11, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: February 2010 Security Bulletin Release Date: Wednesday, February 10, 2010 Q: MS10-003 supersedes MS09-062 which was released for Windows in addition to Office. Does MS10-003 supersede only the Office XP components of MS09-062 or does it supersede all of MS09-062?

• Pages
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A
• Webcast Q&A

Restart issues after installing MS10-015

Thursday, February 11, 2010

Hi everyone, I am writing to let you know that we are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software.

• Microsoft Windows
• Security Bulletin
• Security Update
• Workarounds

February 2010 Security Bulletin Release

Tuesday, February 09, 2010

MSRC Bulletin Release Blog Post Hi everyone, As mentioned in our ANS blog post last week, today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office. In the post on Thursday, we mentioned that bulletins in the ANS listed as 1, 2, 3, and 6 were going to top our deployment priority list this month.

• ActiveX
• Attack Vector
• Exploitability
• Exploitability Index
• Killbit
• Microsoft Office
• Microsoft Windows
• Mitigations
• Security Bulletin
• Security Update
• Security Update Webcast
• Video

February 2010 Bulletin Release Advance Notification

Thursday, February 04, 2010

Today we released February bulletin information through our Advance Notification Service (ANS). This month, we will be releasing 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities. Eleven of the bulletins affect Windows and the remaining two affect Office. More information about the upcoming security updates can be found on the Advance Notification Service (ANS) webpage.

• Microsoft Office
• Microsoft Windows
• Security Bulletin
• Security Update

Security Advisory 980088 Released

Wednesday, February 03, 2010

Hi everyone, Today we released Security Advisory 980088 to address a publicly disclosed vulnerability in Internet Explorer that may allow Information Disclosure for customers running on Windows XP or who have disabled Internet Explorer Protected Mode. At this time we are not aware of any attacks seeking to use the vulnerability.

January 2010 Out-of-Band Security Bulletin Webcast

Friday, January 22, 2010

Hello everyone, Yesterday Adrian Stone from the Microsoft Security Response Center (MSRC) and I hosted a live webcast to discuss Security Bulletin MS10-002 and Security Advisory 979682 in more detail with customers. Below is the video of that presentation and you can find the question & answer transcript here. We spent over an hour answering customer questions during the webcast.

Out-of-Band Security Bulletin Webcast Q&A - January 21, 2010

Friday, January 22, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: January 2010 Out-of-Band Security Bulletin Date: Thursday, January 21, 2010 Q: I understand the severity for workstaitons. Is the severity lower for servers in terms of this vulnerability, since most servers (except Terminal Servers) do not use IE?

• Attack
• Defense-in-depth
• Exploitability
• Internet Explorer (IE)
• Microsoft Active Protections Program (MAPP)
• Microsoft Windows
• Pages
• Security Advisory
• Security Bulletin
• Security Update
• Security Update Webcast Q & A
• Webcast Q&A
• Zero-Day Exploit