Microsoft Security Response Center Blog

MS09-008 Protection

Friday, March 13, 2009

Hi Bill here, You may have seen reports regarding the effectiveness of Microsoft Security Bulletin MS09-008. I wanted to let everyone know that we have thoroughly reviewed these reports, and customers who’ve deployed this update are protected from the four vulnerabilities outlined in the bulletin. We’ve also been collaborating with several researchers regarding the effectiveness of this update, as it is a complex issue, and have released more details about these vulnerabilities and how the Security Update addresses them.

MS09-008: DNS and WINS Server Security Update in More Detail

Friday, March 13, 2009

After releasing security update MS09-008, we received a number of questions on the WPAD issue (CVE-2009-0093) addressed in the update. There are claims that this update is ineffective. Let me be clear that this update will protect you and it should be deployed as soon as possible. Below is an overview on how the complete security update helps protect a system.

• DNS
• MS09-008
• Security Update
• WINS
• WPAD

March 2009 Security Bulletin Webcast Videos

Thursday, March 12, 2009

Hey everyone, Jerry Bryant here. I am back with the videos from yesterday’s security bulletin webcast. We got great responses to the overview video we posted on Tuesday. To compliment that, the videos below go in to more detail on each bulletin and the exploitability index. As always, please plan to attend our monthly security bulletin webcast live if you can as we staff those with subject matter experts to answer the questions you have about the bulletins we released.

• Security Update Webcast
• Video

Making Sense of the Random & Mining For Gold

Wednesday, March 11, 2009

As the newest member to the EcoStrat Team, I guess I will start with the basics. I am Adrian Stone. I have now been in the Microsoft Security Response Center (MSRC) almost four years. My current job you ask? I work to make sense of the random and controlled chaos that is the MSRC.

• Exploitability Index
• ICASI
• Microsoft Active Protections Program (MAPP)
• MSRC
• Security Advisory
• Security Development Lifecycle (SDL)

Assessing the risk of the schannel.dll vulnerability (MS09-007)

Tuesday, March 10, 2009

MS09-007 resolves an issue in which an attacker may be able to log onto an SSL protected server which is configured to use certificate based client authentication with only the public key component of a certificate, not the associated private key. Only a subset of customers who log into SSL protected servers are at risk but it is a little tricky to explain who might be affected due to the unique nature of this vulnerability.

• Risk Asessment
• Signing
• Spoofing

March 2009 Monthly Bulletin Release

Tuesday, March 10, 2009

Hi, Bill here, The March 2009 release contains 3 new bulletins, 1 of which has a maximum severity of “Critical”. MS09-006 - Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) MS09-007 - Vulnerability in SChannel Could Allow Spoofing (960225) MS09-008 - Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238) We also revised bulletin MS08-052 Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), to note a revision to some of the packages associated with this bulletin (specifically 938464).

Security Bulletin Overview Video - March 2009

Tuesday, March 10, 2009

Hi Everyone, This month we are adding another new video feature. In addition to the entire security bulletin webcast recordings being posted for you to playback (available later this week), we are also providing a short, five to ten minute overview of the bulletins we have released. These clips will focus on the severity of the issue and the exploitability index ratings we have assigned them in order to help you get a quick understanding of the impact to your environment.

• Video

CanSecWest Preview & New Blog URL

Thursday, March 05, 2009

It’s getting busy around here with people preparing for the CanSecWest security conference (http://cansecwest.com/). Many of the Microsoft Security Engineering Center (MSEC) and Microsoft Security Response Center (MSRC) members that regularly post to this blog will be attending CanSecWest and soaking up the 3 days of presentations & networking. If you haven’t heard us talk about the Security Science angle of MSEC before, let me explain.

• CanSecWest
• Security Development Lifecycle (SDL)
• Security Science

March 2009 Advanced Notification

Thursday, March 05, 2009

Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release, scheduled for Tuesday, March 10, 2009 around 10 a.m. Pacific Standard Time. As part of this month’s security bulletin release process, we will issue three security bulletins – one rated ‘Critical’ and two rated ‘Important’ – to address vulnerabilities in Microsoft Windows.

Behavior of ActiveX controls embedded in Office documents

Tuesday, March 03, 2009

The Microsoft Office applications (Word, Excel, PowerPoint, etc) have built-in ActiveX control support. ActiveX support allows a richer experience when interacting with an Office document. For example, a document author could use the Safe-For-Initialization Office Web Components (OWC) ActiveX control to retrieve data from an intranet data source. Office applications’ prompting behavior

• ActiveX
• Internet Explorer (IE)
• Microsoft Office
• Safe for initialization
• Workarounds