Results of Investigation into Holiday IIS Claim

We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS. What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims…

0

New Reports of a Vulnerability in IIS

Hi everyone, On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but wanted to let customers know that our initial assessment shows that the IIS web server must be in a…

0

December 2009 Security Bulletin Webcast

Hello again. This is Jerry Bryant letting you know that the questions and answers from the December 2009 security bulletin webcast have now been posted here. There is one question that I wanted to provide a little more information on and that references reports of KB973917 causing problems with Internet Information Services (IIS) 6.0 running…

0

Monthly Security Bulletin Webcast Q&A – December 2009

Hosts:                   Adrian Stone, Senior Security Program Manager Lead                                 Jerry Bryant, Senior Security Program Manager Lead Website:         TechNet/security Chat Topic:     December 2009 Security BulletinsDate:               Wednesday, December 9, 2009     Q: In reference to Windows Vista KB973565, we have machines that install this update, then reboot and uninstall the update. Is this a known problem? It downloads and installs…

0

December 2009 Security Bulletin Release

Summary of Microsoft’s Security Bulletin Release for December 2009 As noted in our Advance Notification (ANS) last Thursday, for the December bulletin release we issued six security bulletins addressing 12 vulnerabilities. Affected products include Windows, Internet Explorer (IE) and Microsoft Office products. In the ANS, we also noted that the bulletin for IE (MS09-072) is…

0

December 2009 Bulletin Release Advance Notification

Advance Notification for the December 2009 Security Bulletin Release For December we are planning to release six new security bulletins addressing 12 vulnerabilities in Windows, Internet Explorer (IE) and Microsoft Office products. Three of the bulletins have a maximum severity rating of Critical and three have a maximum severity rating of Important. To help customers…

0

Reports of Issues with November Security Updates

We’ve received questions about public reports that customers might be experiencing system issues with the November Security Updates (which some are referring to “Black Screen” issues). We’ve investigated these reports and found that our November Security Updates are not making changes to the system that these reports say are responsible for these issues. While these…

0