| Author | Messages | |
sbradcpa
Posts:496
 | | 01/05/2006 8:26 AM |
| Important Information for Thursday 5 January 2006
Microsoft announced that it would release a security update to help
protect customers from exploitations of a vulnerability in the Windows
Meta File (WMF) area of code in the Windows operating system on Tuesday,
January 2, 2006, in response to malicious and criminal attacks on
computer users that were discovered last week.
Microsoft will release the update today on Thursday, January 5, 2006,
earlier than planned.
Microsoft originally planned to release the update on Tuesday, January
10, 2006 as part of its regular monthly release of security bulletins,
once testing for quality and application compatibility was complete.
However, testing has been completed earlier than anticipated and the
update is ready for release.
In addition, Microsoft is releasing the update early in response to
strong customer sentiment that the release should be made available as
soon as possible.
Microsoft's monitoring of attack data continues to indicate that the
attacks are limited and are being mitigated both by Microsoft's efforts
to shut down malicious Web sites and with up-to-date signatures form
anti-virus companies.
The security update will be available at 2:00 pm PT as MS06-001.
Enterprise customers who are using Windows Server Update Services will
receive the update automatically. In additional the update is supported
Microsoft Baseline Security Analyzer 2.0, Systems Management Server, and
Software Update Services. Enterprise customers can also manually
download the update from the Download Center.
Microsoft will hold a special Web cast on Friday, January 6, 2006, to
provide technical details on the MS06-001 and to answer questions.
Registration details will be available at
http://www.microsoft.com/technet/security/default.mspx.
Microsoft will also be releasing additional security updates on Tuesday,
January 10, 2006 as part of its regularly scheduled release of security
updates.
What is this alert?
As part of the monthly security bulletin release cycle, Microsoft
provides advance notification to our customers on the number of new
security updates being released, the products affected, the aggregate
maximum severity and information about detection tools relevant to the
update. This is intended to help our customers plan for the deployment
of these security updates more effectively.
In addition, to help customers prioritize monthly security updates with
any non-security updates released on Microsoft Update, Windows Update,
Windows Server Update Services and Software Update Services on the same
day as the monthly security bulletins, we also provide:
* Information about the release of updated versions of the
Microsoft Windows Malicious Software Removal Tool.
* Information about the release of NON-SECURITY, High Priority
updates on Microsoft Update (MU), Windows Update (WU), Windows Server
Update Services (WSUS) and Software Update Services (SUS). Note that
this information will pertain ONLY to updates on Windows Update and only
about High Priority, non-security updates being released on the same day
as security updates. Information will NOT be provided about Non-security
updates released on other days.
On 10 January 2006 Microsoft is planning to release:
Security Updates
* 1 Microsoft Security Bulletin affecting Microsoft Windows. The
highest Maximum Severity rating for these is Critical. These updates may
require a restart. These updates will be detectable using the Microsoft
Baseline Security Analyzer (MBSA).
* 1 Microsoft Security Bulletin affecting Microsoft Exchange and
Microsoft Office. The highest Maximum Severity rating for these is
Critical. These updates may require a restart. These updates will be
detectable using the Microsoft Baseline Security Analyzer (MBSA).
Microsoft Windows Malicious Software Removal Tool
* Microsoft is planning to release an updated version of the
Microsoft Windows Malicious Software Removal Tool on Windows Update,
Microsoft Update, Windows Server Update Services and the Download
Center. Note that this tool will NOT be distributed using Software Update
Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
* Microsoft is planning to release 1 NON-SECURITY High-Priority
Update on Windows Update (WU) and Software Update Services (SUS).
* Microsoft is planning release 3 NON-SECURITY High-Priority
Updates on Microsoft Update (MU) and Windows Server Update Services
(WSUS)
Although we do not anticipate any changes, the number of bulletins,
products affected, restart information and severities are subject to
change until released.
Microsoft will host a webcast next week to address customer questions on
these bulletins. For more information on this webcast please see below:
* TechNet Webcast: Information about Microsoft's Security
Bulletins (Level 100) * Wednesday, January 11, 2006 11:00 AM
(GMT-08:00) Pacific Time
(US & Canada
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=10322
87360&EventCategory=4&culture=en-US&CountryCode=US At this time no
additional information on these bulletins such as
details regarding severity or details regarding the vulnerability will
be made available until 10 January 2006.
Thank you,
Microsoft PSS Security Team
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ | | | |
|
|