Microsoft Security RC Blog

Working to help protect customers from vulnerabilities in Microsoft software

Update 2: Microsoft Security Advisory (954960)

July 10, 2008 - 18:23

Hi. Bill here.

 

I want to let you know that customers running Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 may experience an issue installing the update provided in Microsoft Knowledge Base Article 954960. The update does not correctly elevate privileges, which are required for the installation to complete. In order to successfully install this update we have identified steps in Advisory 954960.

 

Additionally, the update does not place an entry in Add or Remove Programs, and cannot be uninstalled. Microsoft has identified the packaging inconsistencies in the current update and is investigating options to resolve them.

 

We will continue to monitor the situation and post updates to the advisory and the MSRC blog as we become aware of any important new information.

Thanks,

Bill

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Revision for MS08-037

July 10, 2008 - 14:04

Hello,

This is Christopher Budd. I wanted to take a moment and let you know about a revision that we’ve made to MS08-037 today.

After the release of  MS08-037, we became aware of reports of ZoneAlarm customers experiencing issues after applying the security updates. We started investigating these reports as soon as we heard about them and have been working to research this issue. We’re still working on this issue but we do have some information from our investigation so far, which we’ve put into the bulletin.

Specifically, we’ve identified that customers who are running either ZoneAlarm or Check Point Endpoint Security (previously named Check Point Integrity) who apply MS08-037 may lose network connectivity after applying these updates. Our investigation so far has shown that no other customers are affected by this issue.

We’re still investigating this issue but we encourage customers who are using ZoneAlarm to review the appropriate ZoneAlarm Web site and Check Point Endpoint customers to  review the appropriate Check Point Web site for the latest guidance or software updates and factor this information into your risk assessment, testing, and deployment planning.

We will update the bulletin and the MSRC weblog with more information as we have it.

Thanks.

Christopher

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Update: Microsoft Security Advisory 954960

July 9, 2008 - 14:10

Hi. Bill here.

 

I want to let you know that we updated Microsoft Security Advisory 954960, which contains information regarding deployment issues with Microsoft Windows Server Update Services (WSUS) version 3.0 and 3.0 Service Pack 1. Under specific conditions, the issue does not let clients detect any updates from a WSUS server on systems with Microsoft Office 2003 installed.

 

We have released an update to correct this issue under Microsoft Knowledge Base Article 954960. Microsoft encourages customers affected by this issue to review and install this update.

 

This issue is not related to Microsoft Security Advisory 954474 where systems were blocked from deploying security updates using System Center Configuration Manager 2007.

 

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

MSRC Blog: Microsoft Security Advisory 953635

July 8, 2008 - 18:55

Hello, Bill here,

I wanted to let you know that we have just posted Microsoft Security Advisory (953635).

This advisory contains information regarding a new public report of a possible vulnerability within Microsoft Office Word which could allow for remote code execution. Our investigation thus far has shown that this vulnerability affects Microsoft Office Word 2002 Service Pack 3 only.

At this time, we are aware of limited, targeted attacks attempting to use the reported vulnerability, but we will continue to track this issue. 

The advisory contains workarounds that customers can use to help protect themselves. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release.

We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.

In the meantime, we encourage customers to review the advisory and implement the workarounds.

Bill Sisk

*This posting is provided "AS IS" with no warranties, and confers no rights.*

UPDATE: July 2008 Bulletin Monthly Release - SQL update detection issue

July 8, 2008 - 10:02

Hi,

Simon here again – I just wanted to follow up on the SQL update detection issue I mentioned below. We’ve released updated WU/MU detection and an updated WSUS catalog to resolve this issue.

Cheers,

Simon

Release Manager, MSRC

 

July 2008 Monthly Bulletin Release

 

I'm Simon, Release Manager in the MSRC.  The July 2008 release contains 4 new bulletins, all with maximum severities of "Important".

 

MS08-037: Vulnerabilities in DNS Could Allow Spoofing (953230)

MS08-038: Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)

MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

 

For a technical deep dive regarding these bulletins, please visit our Security Vulnerability Research and Defense blog.

 

If you have the Windows Internal Database (Microsoft Windows 2003 or Microsoft Windows 2008) installed or enabled without SQL Server 2005 SP2 and you have opted in to Microsoft Update, the SQL Server 2005 Service Pack 2 update may be offered incorrectly and fail to install. The Windows Internal Database will be updated as expected, since the Windows Internal Database update is also offered. Microsoft is working on resolving this issue and will be updating the detection logic to avoid the incorrect offering.

 

In addition, we’ll also be releasing an infrastructure update to the Windows Update client itself later this month, which has been standard practice for over 8 years. Windows Vista customers who select “never check for updates” (and Windows XP customers who select “turn off Automatic Update”) in their WU settings will not receive this WU infrastructure update unless they elect to install it manually by visiting Windows Update. For more information, please visit the Microsoft Update blog.

 

Please join us for the regular monthly security bulletin webcast, Wednesday July 9, 11:00 PDT (GMT -7). We'll have an overview of the July bulletins, and you'll have the opportunity to ask us questions around the release.

 

Cheers,

 

Simon

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Snapshot Viewer ActiveX Control Vulnerability

July 7, 2008 - 09:07

Hi. Bill here.

 

I want to let you know that we have just posted Microsoft Security Advisory 955179, which contains information regarding active, targeted attacks using a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access.

 

The Snapshot Viewer enables you to view a report snapshot without having the standard or run-time versions of Microsoft Office Access.

 

The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.

 

We’ve activated our Software Security Incident Response Process (SSIRP) to investigate and have identified steps customers can take to protect themselves in the workaround section.

 

We encourage affected customers to implement the manual workarounds included in the Advisory, which Microsoft has tested. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors.

 

While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA partners to help protect customers. We will update the Advisory and this blog as new information becomes available.

 

Thanks,

 

Bill Sisk

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

July 2008 Advance Notification

July 3, 2008 - 10:34

Hello, Bill here.

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, July 8, 2008 around 10 a.m. Pacific Standard Time.

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

 

·        Four Microsoft Security Bulletins rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer.

 

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

 

We are also planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

 

Finally, in late July, we’ll also be releasing KB946928 which updates the infrastructure of the Windows Update client itself. For more information on this update, please visit the Microsoft Update blog.

 

As always, we’ll be holding the July edition of the monthly security bulletin webcast on Wednesday, July 9, 2008 at 11 a.m., Pacific Standard Time.  We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well. You can register for the webcast here: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032374629&Culture=en-US

 

Thanks,

 

Bill Sisk

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates

June 30, 2008 - 13:24

Hi. Bill here.

 

I want to let you know that we have just posted Microsoft Security Advisory 954960, which contains information regarding deployment issues with Microsoft Windows Server Update Services (WSUS) version 3.0 and 3.0 Service Pack 1. Under specific conditions, the issue does not let clients detect any updates from a WSUS server on systems with Microsoft Office 2003 installed.

 

While the notification of this issue went out as a Security Advisory, this issue is not a security vulnerability in WSUS or Microsoft Office 2003, but it does address customers’ overall security. This issue only affects the ability of client machines to synchronize with a WSUS server.

 

We encourage affected customers to implement the manual workarounds, included in the Advisory, which enable clients to synchronize with a WSUS server and will be updated when our ongoing work in testing the permanent solution is complete.

 

This issue is not related to Microsoft Security Advisory 954474 where systems were blocked from deploying security updates using System Center Configuration Manager 2007.

 

Thanks,

 

Bill Sisk

*This posting is provided "AS IS" with no warranties, and confers no rights.*

News from FIRST 2008: Driving Security Response Excellence and Innovation

June 26, 2008 - 10:09

Hi, Andrew here,

 

Often, when you see me blogging, I’m talking about the important work we do with the researcher community. However, in addition to work with researchers, we’re always looking for ways to foster work with others in the industry and share best practices.

 

As I sit here today at the annual FIRST Conference and think about the future of security response, I’m excited to tell you about ICASI (Industry Consortium for the Advancement of Security on the Internet), a new non-profit organization that will enhance global IT security by proactively driving excellence and innovation in security response.

 

Microsoft has come together with Cisco, IBM, Intel and Juniper Networks to provide a trusted forum for addressing global, multi-product security threats. ICASI addresses a gap in security response by allowing leading IT vendors to share sensitive information in a secure forum so they can tackle security challenges together and help reduce risks to the global infrastructure and better protect all customers.

 

More information is available on the ICASI Web site at www.icasi.org, so I would encourage you to visit that site for additional details. There’s more to come, so stay tuned to the ICASI site for updates.

 

 

Thanks!

Andrew

Director, MSRC

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

SQL Injection Attacks Exploiting Unverified User Data Input

June 24, 2008 - 11:35

Hey, Andrew Cushman here.

 

Today I’m pleased to announce the coordinated release of three security tools in Security Advisory 954462 to help customers deal with SQL injection attacks:

 

·         UrlScan version 3.0 Beta, a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests.

·         Microsoft Source Code Analyzer for SQL Injection Community Technology Preview (June 2008), a tool that can be used to detect ASP code susceptible to SQL injection attacks.

·         Scrawlr, a free scanner, developed by HP Web Security Research Group in conjunction with Microsoft, which will allow customers to identify whether their Web sites might be susceptible to SQL injection. 

 

Back in the day, I participated in the first release of URLScan as a member of the IIS team. Things are a bit different now than they were back then. Nowadays people applaud IIS’ excellent security track record and point to it as a “poster child” of the SDL (Security Development Lifecycle).

 

Some things are unchanged though. Microsoft teams and partners remain committed to deliver tools and solutions to make it easier for Administrators to protect themselves from mis-configuration and application coding errors. URLScan v3.0 beta, Microsoft Code Analyzer for SQL Injection and HP Scrawlr continue the tradition of development collaboration. These tools, and the quick turn around by the teams, demonstrate to me the dedication to a more secure computing experience by the SQL Server and IIS teams and our friends at Hewlett-Packard.

 

Special thanks go to Wade Hilmo on the IIS team and Bala Neerumalla on the SQL team.

Wade is the original and sole developer of URLScan. Another great job! Bala is the driving force behind the SQL tool and is responsible for the idea and the realization of it. 

Thanks guys!

 

Microsoft has posted a number of new related blog posts. In addition to the SQL and IIS blogs mentioned above, I encourage you to check out the SVRD blog and the SDL blog from my colleagues down the hall.

 

 

Thanks!

Andrew

Director, MSRC

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

MS08-030 Re-released for Windows XP SP2 and SP3

June 19, 2008 - 08:37

Hello, this is Christopher Budd.

 

I wanted to let folks know that we’ve just re-released MS08-030. This is to let you know there’s a new version of this security update available for Windows XP SP2 and SP3 customers and to encourage them to deploy these new updates. There are no new updates for the other versions of Windows discussed in the bulletin.

 

After we released MS08-030 we learned that the security updates for Windows XP SP2 and SP3 might not have been fully protecting against the issues discussed in that bulletin. As soon as we learned of that possibility, we mobilized our Software Security Incident Response Process (SSIRP) to investigate the issue.

 

Our investigation found that while the other security updates were providing protections for the issues discussed in the bulletin, the Windows XP SP2 and SP3 updates were not.

 

Our engineering teams immediately set to work to address the issue and release new versions of the security updates for Windows XP SP2 and SP3. These are available now and are being delivered through the same detection and deployment tools as the original update.

 

If you’re running Windows XP SP2 or SP3, you should go ahead and test and deploy these new security updates. If you’ve deployed security updates for MS08-030 for other versions of Windows, you don’t need to take any action for those systems.

 

Our focus has been on delivering new versions of these updates to protect customers as quickly as possible. Now that that’s done, as part of our standard process, we’re beginning an investigation into how this happened. We’re just starting this investigation, but early on, it appears that there may have been two separate human issues involved. When we’re done with our investigation, we’ll take steps to better prevent it in the future.

 

Thanks.

 

Christopher

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Microsoft Security Advisory 954474 Updated

June 17, 2008 - 10:17

Hello,

This is Christopher Budd again. I wanted to let you know we’ve just updated Microsoft Security Advisory 954474 to let you know we’ve released  an update that affected customers can apply to their System Center Configuration Manager (ConfigMgr) 2007 servers to resolve the issue we discussed in our posting on Friday June 13.

There are more details in the advisory, but we recommend any ConfigMgr 2007 customers with System Management Server (SMS) 2003 clients go ahead and review the KB and plan to deploy the update.

Thanks

Christopher

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Security Advisory 954474: Deployment Issue affecting System Center Configuration Manager 2007 servers with SMS 2003 clients

June 13, 2008 - 18:34

Hello,

This is Christopher Budd. I’m back here on the MSRC weblog after spending some time learning the Privacy side of our business (and getting my CIPP certification).

I’m here to let you know that we’ve just posted Microsoft Security Advisory 954474.

This advisory is to let customers know that we’re aware of an issue that is affecting the deployment of the June 2008 security updates. This issue only affects customers using System Center Configuration Manager (ConfigMgr) 2007; none of our other detection or deployment technologies are affected. Also, the issue only affects the deployment of security updates to System Management Server (SMS) 2003 clients of ConfigMgr 2007 servers. This means that to be affected by this issue, you must be running a mixed ConfigMgr 2007 and SMS 2003 environment. If you are not running this specific configuration, this issue does not affect you.

The impact of this issue is that customers in this configuration cannot deploy the June 2008 security updates to their SMS 2003 clients using the Inventory Tool for Microsoft Updates (ITMU). 

Our security response process focuses not just on releasing security updates but also on monitoring and making sure customers can deploy them. Because of this, in response to this issue, we’ve activated our Software Security Incident Response Process (SSIRP) and our engineering teams are working to develop a solution for this issue. We’ll update the MSRC weblog and the advisory with more information as we have it.

In the meantime, customers can use the Software Distribution within ConfigMgr 2007 to deploy the June security updates as indicated in the security advisory.

Thanks,

Christopher

*This posting is provided "AS IS" with no warranties, and confers no rights.*

June 2008 Monthly Release

June 10, 2008 - 09:50

Hello! This is Tami Gallupe (MSRC Release Manager) and I want to let you know that we just posted our June 2008 Bulletins. We released seven bulletins today, which includes three bulletins with severity rating of Critical, three bulletins with severity rating of Important, and one with the severity rating of Moderate.

 

Here is a summary of what we released:

 

MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)

- Rating: Critical
- Impact of Vulnerability: Remote Code Execution

MS08-031: Cumulative Security Update for Internet Explorer (950759)

- Rating: Critical
- Impact of Vulnerability: Remote Code Execution

MS08-032: Cumulative Security Update of ActiveX Kill Bits (950760)

- Rating: Moderate
- Impact of Vulnerability: Remote Code Execution

MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

- Rating: Critical
- Impact of Vulnerability: Remote Code Execution

MS08-034: Vulnerability in WINS Could Allow Elevation of Privilege (948745)

- Rating: Important
- Impact of Vulnerability: Elevation of Privilege

MS08-035: Vulnerability in Active Directory Could Allow Denial of Service (953235)

- Rating: Important
- Impact of Vulnerability: Denial of Service

MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

- Rating: Important
- Impact of Vulnerability: Denial of Service

 

We also re-released MS06-078 and MS07-068 with detection-only changes.

 

Delving "under the hood" this month, our Security Vulnerability Research & Defense blog this month discusses MS08-036, MS08-033, and MS08-030. You can read about these and more at http://blogs.technet.com/swi/.

 

While we're talking about updates and blogs, I’ll also mention that we’ve provided new Knowledge Base (KB) articles that document installation procedures for any possible future SQL Server security updates for Microsoft SQL Server 7, Microsoft SQL 2000 or Microsoft SQL Server 2005. In particular, there are steps that SQL Server 2000 and SQL Server 2005 administrators can take in advance that could help expedite deployment of any possible future security updates. We encourage all SQL administrators to review all these (KB) articles and consider following the steps now to better prepare for any future SQL Server updates that may be released in the future. Additional information can be found by clicking the below links.

 

·         SQL Server 2000 and MSDE 2000 installers stop dependent services

·         SQL Server 2005 installers stop dependent services

·         SQL Server 2000 installers will not update disabled SQL Server instances

·         SQL Server 2005 installers do not update an instance of the SQL Server service that is in a disabled state

·         Supported method for applying updates to SQL Server 7.0

 

As usual, I also want to remind you that our monthly webcast starts tomorrow (Wednesday, June 10th) at 11:00 AM PST. This is a favorite event as it gives us a chance to take questions and answer them live, on the air tomorrow. Click here to Register now for the June Security Bulletin Webcast. We look forward to hearing from you tomorrow.

 

Cheers!

  Tami

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

June 2008 Advance Notification

June 5, 2008 - 09:40

Hello, Bill here.

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, June 10, 2008 around 10 a.m. Pacific Standard Time.

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

 

·        Three Microsoft Security Bulletins rated Critical, three Important, and one Moderate. These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer.

 

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

 

Finally, we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

 

As always, we’ll be holding the June edition of the monthly security bulletin webcast on Wednesday, June 11, 2008 at 11 a.m., Pacific Standard Time.  We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well.

 

You can register for the webcast here:

 

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032357225&Culture=en-US

 

Thanks,

 

Bill Sisk

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Security Advisory 953818 Posted

May 30, 2008 - 15:56

Hi,

This is Tim Rains.

Very quickly, I wanted to let you know that we’ve just posted Microsoft Security Advisory 953818. This security advisory talks about new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari web browser for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default: it must be installed independently or through the Apple Software Update application.

If you run Safari on the affected platforms, we encourage you to review this advisory.

We’ve activated our Software Security Incident Response Process (SSIRP) and are working with our colleagues at Apple to investigate the issue. We have identified steps customers can take to protect themselves in the workaround section of the advisory.

We are currently not aware of any attacks and are monitoring the issue and are working with our MSRA partners to help protect customers. We will update the advisory and this blog as new information becomes available.

Tim

*This posting is provided "AS IS" with no warranties, and confers no rights.*

May 2008 Monthly Release

May 13, 2008 - 09:20

This is Tami Gallupe, MSRC Release Manager, and I want to let you know that we just posted our May 2008 Bulletins. We released four bulletins today, which include three bulletins with severity rating of critical and one with the severity rating of moderate. We also re-released MS06-069 to add XP SP3 as an affected version.

 

Here is a summary of what we released:

 

MS08-026  Vulnerabilities in Microsoft Word Could Allow Remote Code Execution

MS08-027  Vulnerability in Microsoft Publisher Could Allow Remote Code Execution

MS08-028  Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution

MS08-029 Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service

 

I think it is also worth noting that MS08-026 includes additional security mitigations against attacks as identified in Microsoft Security Advisory 950627. We recommend that customers install the updates provided in both MS08-026 and MS08-028 for the most up to date protection against these types of attacks.  

 

Our Security Vulnerability Research & Defense blog this month discusses MS08-026.  You can find a post discussing built-in functionality to turn off the vulnerable parsing code for one of the fixed vulnerabilities at http://blogs.technet.com/swi/archive/2008/05/13/file-block-and-ms08-026.aspx

 

I want to invite you to join us for the monthly webcast that starts tomorrow (Wednesday, May 14th) at 11:00 AM PST.  We’ll be discussing today’s release and answering your questions on the air. Click here to register for the May Security Bulletin Webcast.  We look forward to hearing from you tomorrow.

 

Thanks!

   Tami

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*

 

May 2008 Advance Notification

May 8, 2008 - 09:51

Hello, Bill here.

I wanted to let you know that we just posted our Advance Notification for next week’s bulletin release which will occur on Tuesday, May 13, 2008 around 10 a.m. Pacific Standard Time.

It is important to remember that while the information posted below is intended to help with your planning, because it is preliminary information, it is subject to change.

As part of our regularly scheduled bulletin release, we’re currently planning to release:

 

·        Three Microsoft Security Bulletins rated Critical and one that is rated as Moderate. These updates may require a restart and will be detectable using the newly released version of the Microsoft Baseline Security Analyzer.

 

As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated.

 

Finally, we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). For additional information, please see the Other Information section of the Advanced Notification.

 

As always, we’ll be holding the May edition of the monthly security bulletin webcast on Wednesday, May 14, 2008 at 11 a.m., Pacific Standard Time.  We will review this month’s release and take your questions live on-air with answers from our panel of experts. As a friendly reminder, if you can’t make the live webcast, you can listen to it on-demand as well.

 

You can register for the webcast here:

 

http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032357221&Culture=en-US

 

Thanks,

 

Bill Sisk

 

Questions about Web Server Attacks

April 25, 2008 - 21:44

Hi there, this is Bill Sisk.

There have been conflicting public reports describing a recent rash of web server attacks. I want to bring some clarification about the reports and point you to the IIS blog for additional information.

To begin with, our investigation has shown that there are no new or unknown vulnerabilities being exploited. This wave is not a result of a vulnerability in Internet Information Services or Microsoft SQL Server. We have also determined that these attacks are in no way related to Microsoft Security Advisory (951306). 

The attacks are facilitated by SQL injection exploits and are not issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies. SQL injection attacks enable malicious users to execute commands in an application's database. To protect against SQL injection attacks the developer of the Web site or application must use industry best practices outlined here. Our counterparts over on the IIS blog have written a post with a wealth of information on steps that web developers and IT Professionals can take to minimize their exposure to these types of attacks by minimizing the attack surface area in their code and server configurations. Additional information can be found here: http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx

I hope this helps to answer any questions.

Bill

*This posting is provided "AS IS" with no warranties, and confers no rights.*

MSRC Blog: Microsoft Security Advisory 951306

April 17, 2008 - 18:38

Hello, Bill here,

I wanted to let you know that we have just posted Microsoft Security Advisory (951306).

This advisory contains information regarding a new public report of a vulnerability within Microsoft Windows which allows for privilege escalation from authenticated user to LocalSystem. Our investigation has shown that this vulnerability affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

At this time, we are not aware of attacks attempting to use the reported vulnerability, but we will continue to track this issue.  The advisory contains several workarounds that customers can use to help protect themselves. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release.

We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.

In the meantime, we encourage customers to review the advisory and implement the workarounds.

Bill Sisk

*This posting is provided "AS IS" with no warranties, and confers no rights.*