Tuesday, November 11, 2008
Hi, this is Christopher Budd. We’ve received some questions from customers about MS08-068 and its relationship to an issue that was first discussed in 2001, called the SMBRelay attack. Specifically, we’ve gotten some questions about why, in 2008, we’re releasing an update that addresses an issue first discussed in 2001. Since I was in the MSRC back in 2001 when this was all first discussed, I feel well placed to answer that.
Tuesday, November 11, 2008
Today Microsoft released a security update, MS08-068, which addresses an NTLM reflection vulnerability in the SMB protocol. The vulnerability is rated Important on most operating systems, except Vista and Windows Server 2008 where it has a rating of Moderate. This blog post is intended to explain why the issue is less severe on Vista and Windows Server 2008, and provide some additional details to help people determine the risk they face in their environment.
Tuesday, November 11, 2008
Hi! This is Tami Gallupe, MSRC Release Manager and I just wanted to give you an update on the two bulletins we released today: • MS08-068: Vulnerability in SMB Could Allow Remote Code Execution (957097). This has a severity rating of Important. • MS08-069: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218).
Thursday, November 06, 2008
Hello, Bill here. I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, Nov. 11, 2008 around 10 a.m. Pacific Standard Time. It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.
Wednesday, November 05, 2008
Hi, this is Christopher Budd. We’ve been getting some questions from customers this week asking if we’ve seen any changes in the threat environment around MS08-067. We do have some information that we can share so I wanted to pass that along. Most importantly, we continue to see strong deployments of MS08-067.
Friday, October 31, 2008
Hi, this is Christopher Budd. As we go into the weekend I wanted to take a moment and give you an update on the latest information around MS08-067 and Microsoft Security Advisory 958963. Essentially there is no new information to report. We’ve seen no significant changes in the threat landscape since our posting of Microsoft Security Advisory 958963 on Monday.
Thursday, October 30, 2008
** Handle:** Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change - the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk, egos As part of the quest to help “secure the planet”, our team travels over this planet a lot, and I wanted to highlight a few of the interesting security gatherings I’ve been to lately.
Monday, October 27, 2008
Register now for the November 2008 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: Microsoft out-of-band Security Bulletin (MS08-067) TechNet Webcast Date: Thursday, October 23, 2008 and Friday, October 24, 2008 Note: The below questions were submitted from webcast attendees and are not necessarily in the order they were addressed during webcast.
Monday, October 27, 2008
Hey folks, Mike Reavey here, It’s been almost five days since we originally released MS08-067, and our tracking shows that security deployments remain strong. We’re also still unaware of any application compatibility issues with this update. Like we’ve said, we’re continuing to watch the threat environment. Yesterday, we said that our analysis of public exploit code that was available showed it would always result in a denial of service.
Monday, October 27, 2008
Hi, On Thursday, October 23, 2008, Microsoft released an Out-Of-Band Security Bulletin (MS08-067). To meet the customer demand for information relating to this release, Microsoft conducted three customer webcasts. Two of these webcasts were conducted on Thursday, October 23rd and the other on Friday, October 24th. The link below will direct you to a collection of all questions answered during the three webcasts.
