MSRC

March 2009 Monthly Bulletin Release

Tuesday, March 10, 2009

Hi, Bill here, The March 2009 release contains 3 new bulletins, 1 of which has a maximum severity of “Critical”. MS09-006 - Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) MS09-007 - Vulnerability in SChannel Could Allow Spoofing (960225) MS09-008 - Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) We also revised bulletin MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), to note a revision to some of the packages associated with this bulletin (specifically 938464).

Security Bulletin Overview Video - March 2009

Tuesday, March 10, 2009

Hi Everyone, This month we are adding another new video feature. In addition to the entire security bulletin webcast recordings being posted for you to playback (available later this week), we are also providing a short, five to ten minute overview of the bulletins we have released. These clips will focus on the severity of the issue and the exploitability index ratings we have assigned them in order to help you get a quick understanding of the impact to your environment.

• Video

March 2009 Advanced Notification

Thursday, March 05, 2009

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release, scheduled for Tuesday, March 10, 2009 around 10 a.m. Pacific Standard Time. As part of this month’s security bulletin release process, we will issue three security bulletins – one rated ‘Critical’ and two rated ‘Important’ – to address vulnerabilities in Microsoft Windows.

Microsoft Security Advisory 968272

Tuesday, February 24, 2009

Hello, Bill here, I wanted to let you know that we have just posted Microsoft Security Advisory (968272). This advisory contains information regarding public reports of a vulnerability in Microsoft Office Excel that could allow for remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.

February 2009 Security Bulletin Webcast Videos

Tuesday, February 17, 2009

Hey everyone, This is Jerry Bryant, senior program manager on the security response communications team. We are already posting the Q&A from our monthly security bulletin webcasts here on the blog but if you attended our live webcast on Wednesday 2/11/2009, you may have heard Christopher Budd mention that we were recording the session and would be posting video as well.

• Security Update Webcast
• Video

Monthly Security Bulletin Webcast Q&A - February 2009

Monday, February 16, 2009

Register now for the March 2009 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Sr. Security Program Manager Lead (MSRC) Website: TechNet/security Chat Topic: February 2009 Security Bulletin Date: Wednesday, February 11, 2009 Q: Why are there no updates for Internet Explorer versions prior to Internet Explorer 7?

• Pages
• Security Update Webcast Q & A

Security Bulletin Webcast Questions and Answers - February 2009

Monday, February 16, 2009

Hi, During this month’s webcast we were able to address 37 questions in the time allotted. Most of the questions asked involved MS09-002 (Internet Explorer), MS09-003 (Exchange Server) and MS09-004 (SQL Server). We only received a few questions regarding MS-09-005 (Visio). There were also a couple of questions regarding update deployment and attack vectors addressed.

• Security Update Webcast Q & A

Conficker Activity Update

Thursday, February 12, 2009

There’s been a lot of activity today around the Conficker worm here at Microsoft and across the industry. I wanted to give everyone a quick, high-level overview on what’s been going on today. First, today we’re making public, the work we and many other industry and academic partners have been doing behind the scenes to help combat the Conficker worm.

Conficker Domain Information

Thursday, February 12, 2009

I wanted to follow up our recent Conficker post from last Friday where we posted new pages to consolidate our information on Conficker for enterprises and consumers. We’ve also made the easy-to-remember URL www.microsoft.com/conficker available that will take you directly to the Conficker page for enterprises. We’ve shared some additional information today with our Microsoft Active Protections Program (MAPP) partners and our Microsoft Security Response Alliance (MSRA) partners.

February 2009 Monthly Bulletin Release

Tuesday, February 10, 2009

Today we’re releasing four new security bulletins as part of our regular monthly release process. · MS09-002 rated Critical that addresses two code execution vulnerabilities in Internet Explorer. · MS09-003 rated Critical that addresses one code execution vulnerability and one denial of service vulnerability in Exchange Server. · MS09-004 rated Important that addresses one code execution vulnerability in SQL Server.