Hi Bill here,
You may have seen reports regarding the effectiveness of Microsoft Security Bulletin MS09-008. I wanted to let everyone know that we have thoroughly reviewed these reports, and customers who’ve deployed this update are protected from the four vulnerabilities outlined in the bulletin.
We’ve also been collaborating with several researchers regarding the effectiveness of this update, as it is a complex issue, and have released more details about these vulnerabilities and how the Security Update addresses them.
For those that want more information, please review the Microsoft Security Research and Defense blog http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx where there’s detailed information that will help customers better understand how the security update protects systems, clarifies the content of the security update and hopefully answers any questions you may have. Again, I want to assure you that MS09-008 protects from potential attacks that could exploit the vulnerabilities outlined in the bulletin.
Please continue to evaluate and deploy this update at your earliest convenience to help protect your environment.
Update: Blog Post updated to reflect the possiblity of potential attacks. We are currently not aware of any attacks.