Microsoft Security Response Center Blog

Monthly Security Bulletin Webcast Q&A - February 2010

Thursday, February 11, 2010

Hosts: Adrian Stone, Senior Security Program Manager Lead Jerry Bryant, Senior Security Communications Manager Lead Website: TechNet/security Chat Topic: February 2010 Security Bulletin Release Date: Wednesday, February 10, 2010 Q: MS10-003 supersedes MS09-062 which was released for Windows in addition to Office. Does MS10-003 supersede only the Office XP components of MS09-062 or does it supersede all of MS09-062?

• Pages
• Security Update
• Security Update Webcast
• Security Update Webcast Q & A
• Webcast Q&A

Restart issues after installing MS10-015

Thursday, February 11, 2010

Hi everyone, I am writing to let you know that we are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software.

• Microsoft Windows
• Security Bulletin
• Security Update
• Workarounds

BlueHat Security Forum: Buenos Aires Edition

Wednesday, February 10, 2010

Handle: C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! Hey Everyone! What speaks English, Portuguese and Spanish, has a hundred set of eyes, and battles in the defense of good against evil on a daily basis?

• BlueHat Security Briefings
• Community-based Defense
• Defense-in-depth
• EcoStrat
• End to End Trust
• Internet Explorer (IE)
• MSRC Ecosystem Strategy
• Responsible Disclosure
• Risk Assessment
• Security Assurance
• Security Conference Engagement
• Security Development Lifecycle (SDL)
• Security Ecosystem
• Security Engineering
• Security Research
• Security Tools
• Watering Hole

Assessing the risk of the February Security Bulletins

Tuesday, February 09, 2010

This morning, we released 13 security bulletins. Five have maximum severity rating of Critical, seven Important, and one Moderate. One security bulletin (MS10-015, ntvdm.dll) has exploit code already published, but we are not aware of any active attacks or customer impact. We hope that the table and commentary below helps you prioritize the deployment of the updates appropriately.

• Exploitability
• Mitigations
• Rating
• Risk Asessment

Details on the New TLS Advisory

Tuesday, February 09, 2010

Security Advisory 977377: Vulnerability in TLS Could Allow Spoofing In August of 2009, researchers at PhoneFactor discovered a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. As the issue is present in the actual TLS/SSL-standard, not only our implementation, Microsoft is working together with ICASI, the Industry Consortium for Advancement of Security on the Internet to address this vulnerability.

• IIS
• Mitigations
• Network protocol
• Risk Asessment
• Workarounds

February 2010 Security Bulletin Release

Tuesday, February 09, 2010

MSRC Bulletin Release Blog Post Hi everyone, As mentioned in our ANS blog post last week, today we are releasing 13 bulletins addressing 26 vulnerabilities. 11 bulletins affect Windows and 2 affect older versions of Microsoft Office. In the post on Thursday, we mentioned that bulletins in the ANS listed as 1, 2, 3, and 6 were going to top our deployment priority list this month.

• ActiveX
• Attack Vector
• Exploitability
• Exploitability Index
• Killbit
• Microsoft Office
• Microsoft Windows
• Mitigations
• Security Bulletin
• Security Update
• Security Update Webcast
• Video

MS10-006 and MS10-012: SMB security bulletins

Tuesday, February 09, 2010

Today we released two bulletins to address vulnerabilities in SMB. MS10-006 addresses two vulnerabilities in the SMBv1 client implementation, and MS10-012addresses four vulnerabilities in the SMB server implementation. In this blog entry, we want to help you understand the vulnerabilities and better prioritize the updates. What are the SMB server vulnerabilities and how could they be exploited?

• Network protocol
• SMB

MS10-007: Additional information and recommendations for developers

Tuesday, February 09, 2010

Today we are releasing MS10-007 to address a URL validation issue generally applicable to the ShellExecute API. How would a malicious user leverage this vulnerability? This issue involves how ShellExecute handles strings that appear to be legitimate URLs, but are malformed such that they result in execution of arbitrary code. Various technologies use ShellExecute to initiate a browser navigation.

• Defense-in-depth
• ShellExecute

February 2010 Bulletin Release Advance Notification

Thursday, February 04, 2010

Today we released February bulletin information through our Advance Notification Service (ANS). This month, we will be releasing 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities. Eleven of the bulletins affect Windows and the remaining two affect Office. More information about the upcoming security updates can be found on the Advance Notification Service (ANS) webpage.

• Microsoft Office
• Microsoft Windows
• Security Bulletin
• Security Update

Security Advisory 980088 Released

Wednesday, February 03, 2010

Hi everyone, Today we released Security Advisory 980088 to address a publicly disclosed vulnerability in Internet Explorer that may allow Information Disclosure for customers running on Windows XP or who have disabled Internet Explorer Protected Mode. At this time we are not aware of any attacks seeking to use the vulnerability.