January 2009 Monthly Bulletin Release


Happy New Year to everyone.


As Bill noted in his posting on Thursday, we are releasing one new bulletin today, MS09-001. This bulletin is rated as ‘Critical’ for Windows 2000, Windows XP and Windows Server 2003 and is rated as ‘Moderate’ for Windows Vista and Windows Server 2008. My colleague Mark Wodrich has put together a posting over at the Security Vulnerability Research and Defense (SVRD) weblog which explains more about the vulnerability and the Exploitability Index rating.


Also, as we do every month, we’ve released an updated version of our Malicious Software Removal Tool (MSRT). This month’s release adds the ability to remove the Win32/Conficker and Win32/Banload families of malware. Impacted customers will be interested in the addition of Win32/Conficker.B; which has had a significant and sudden impact on some customers. While we’ve had protections for Win32/Conficker.B; since Dec 29, 2008 in Microsoft Forefront, Windows Live OneCare, and Windows Live OneCare safety scanner, we’re also adding it to the MSRT to help impacted customers with remediation. My colleagues over in the Microsoft Malware Protection Center (MMPC) have more details about this on their weblog.


We know that there might be some questions about the beta version of Windows 7 and today’s bulletin. Windows 7 is affected only by the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) and, like Windows Vista and Windows Server 2008, would be rated as Moderate because the vulnerability would require authentication for any attack to succeed.. We provide security updates for beta versions of Windows through Windows Update for Critical issues only. So the SMB Validation Denial of Service Vulnerability (CVE-2008-4114) will be addressed in the next public release for Windows 7.


Finally, as we do each month we’ll be hosting our TechNet Security Bulletin webcast tomorrow, Jan. 14, 2009 at 11 a.m. Pacific time where we’ll review the bulletins and answer your questions live. If you can’t join us live, you can also watch the webcast on demand afterward. You can register for the webcast (either live or on demand) here.


Thanks,


Christopher


*This posting is provided “AS IS” with no warranties, and confers no rights*


Comments (8)

  1. Anonymous says:

    Just a quick FYI that we released Microsoft Security Bulletin MS09-001 today.  This security update

  2. Anonymous says:

    Just a quick FYI that we released Microsoft Security Bulletin MS09-001 today.  This security update

  3. Anonymous says:

    I want to add a few things as it is still not over: More and more enterprises are still hit. My last

  4. Anonymous says:

    分类: 膝上电脑 , 桌面产品 [撰文:Atticus Wu] 如果你新装 Windows 7 Beta 版,并编辑过硬盘里的 MP3 档案的话,档案里面可能有几秒的声音会有损毁的问题。微软为了解决这个问题

  5. Anonymous says:

    Pravděpodobně další červ z dílny " reverse engineering ", tentokrát s názvem Conficker , který využívá

  6. Anonymous says:

    Aggiornato il 12/02/2008 ore 10:30 Risorse di riferimento: Detection and Deployment Guidance for Microsoft

  7. Anonymous says:

    Již jsme o Confickeru psali zde . Jeho další mutace Conficker.D (rovněž známí pod názvem Conficker.C;