March 2009 monthly security bulletins released

The March 2009 release  has just come out, patch Wednesday downunder, with 3 new security bulletins for newly discovered vulnerabilities, 1 of which has a maximum severity of "Critical" because of the possibility of Remote Code Execution -

• MS09-006 - Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690) 

• MS09-007 - Vulnerability in SChannel Could Allow Spoofing (960225)

• MS09-008 - Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)

Summaries for new bulletins may be found at https://www.microsoft.com/technet/security/bulletin/ms09-mar.mspx

Tomorrow morning we have the regular monthly security bulletin webcast, Thursday March 12, 7AM NZ Time. We'll have an overview of the March bulletins, and you'll have the opportunity to ask us questions around the release.

We also now have available a short video from the Microsoft Security Response Centre (MSRC), to further aid in planning and deployment.  The video focuses on the severity of the issue and the exploitability index ratings we have assigned them in order to help you get a quick understanding of the impact to your environment.

Another excellent resource is the Security Research & Defence Blog https://blogs.technet.com/srd which provides IT pros with additional information about mitigations, workarounds and root causes of vulnerabilities.  And the MSRC Blog https://blogs.technet.com/msrc