Hosts: Jonathan Ness, Security Development Manager, MSRC
Jerry Bryant, Group Manager, Trustworthy Computing Communications
Chat Topic: December 2011 Security Bulletin Release
Date: Wednesday, December 14, 2011
Q: Some of my users had issues with text being deleted from Word documents. Is this an issue with the Office security bulletin?
A: We are not aware of any issues of words being removed from the document. If this continues, please contact support at 1-866-PC-SAFETY.
Q: You said that MS11-090 only applied to Windows XP and Windows Server 2003, but my WSUS is showing it needed for my Windows 7 and Windows Server 2008 & 2008 R2 machines.
A: The MS11-090 bulletin is a Cumulative Security Update of ActiveX Kill Bits. It addresses a new CVE that only affects Windows XP and Windows Server 2003, but also contains kill bits for various third-party software, and affects a broader set of platforms than just Windows XP and Server 2003.
Q: Will raising the Excel macro security level to high and ensuring that all macro code is digitally signed mitigate the Excel risks for this month?
A: The December Excel update fixes a vulnerability in the document parsing functionality in Excel. This functionality is invoked when an Excel document is loaded into the Excel application. While limiting macro execution in Excel is good security practice, it will not help you if you are trying to use it to mitigate the issue addressed by the December Excel update.
Q: Is there a link to the work-around fix for the Duqu-type open font vulnerability that you discussed?
A: The Workaround section for CVE-2011-3402 in the MS11-087 bulletin explains how to apply and undo the workaround, and it also contains links to Fix It solutions related to these operations.
Q: Once Office File Validation updates are installed, we have had some instances of Excel and Word documents opening very slowly across our network. You mentioned that Office File Validation can help reduce attack vectors. Can you share any information on the effects of installing Office File Validation?
A: We released a fix to increase the performance of opening across the network. The fix is documented in KB2570623.
Q: On my WSUS server, I searched MS11-088 and KB2596511 was found but KB2647540 was not found. As the Detection & Deployment indicates through the Download Center, should KB2596511 be approved through WSUS and KB2647540 be manually applied? Is KB2596511 complete on WSUS?
A: KB2647540 is currently only available via the Download Center. The update will also be provided through our other standard distribution methods once testing has been completed to ensure distribution will be successful through these channels.