August 2011 Bulletin Release -Final - Customer

Information About Microsoft
August 2011 Security Bulletins
Jonathan Ness
Security Development Manager, MSRC
Microsoft Corporation
Jerry Bryant
Group Manager, Response Communications
Microsoft Corporation
Dial In Number 1-800-229-0449 Pin: 3750
What We Will Cover
• Review of August 2011 Bulletin release information:
  – New Security Bulletins
  – Security Advisory
  – Re-released Bulletins
  – Announcements
  – Microsoft® Windows® Malicious Software Removal Tool
• Resources
• Questions and answers: Please Submit Now
Severity and Exploitability Index
[Chart: for each bulletin from MS11-057 to MS11-069, the severity rating (Critical, Important, Moderate, Low), the Exploitability Index (1 to 3), the deployment priority (DP) and the affected product (Windows, Internet Explorer, Office, Visual Studio, .NET Framework), on axes labelled Risk and Impact.]
Bulletin Deployment Priority

| Component | Bulletin | KB | Disclosure | Aggregate Severity | Exploit Index | Max Impact | Deployment Priority | Note |
|---|---|---|---|---|---|---|---|---|
| IE (Cumulative) | MS11-057 | 2559049 | Public | Critical | 1 | RCE | 1 | Bulletin resolves five privately disclosed vulnerabilities and two publicly disclosed vulnerabilities; both public issues are Moderate in severity. |
| DNS Server | MS11-058 | 2562485 | Private | Critical | 3 | RCE | 1 | Servers that do not have the DNS role enabled are not at risk from the vulnerability addressed in this bulletin; nor are workstations. |
| CSRSS | MS11-063 | 2567680 | Private | Important | 1 | EoP | 2 | Bulletin rectifies improper validation of permissions when lower-integrity processes communicate with higher-integrity processes. |
| Remote Access | MS11-062 | 2566454 | Private | Important | 1 | EoP | 2 | Windows Vista x64 SP2, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are unaffected by this issue. |
| TCP/IP | MS11-064 | 2563894 | Private | Important | 3 | DoS | 2 | Server administrators who have not manually installed the URL-based Quality of Service (QoS) feature on their systems are less affected by this issue. |
| Remote Desktop Protocol | MS11-065 | 2570222 | Private | Important | 3 | DoS | 2 | This issue is rated Important for Windows Server 2003 and Moderate for Windows XP; newer platforms are not affected. |
| Visio | MS11-060 | 2560978 | Private | Important | 1 | RCE | 2 | Users whose accounts are configured with fewer system privileges will be less affected by the issues addressed in this bulletin. |
| Chart Control | MS11-066 | 2567943 | Private | Important | 3 | ID | 3 | Default installations of the .NET Framework are not affected by the issue addressed in this bulletin. |
| Visual Studio | MS11-067 | 2578230 | Private | Important | 3 | ID | 3 | Issue affects only Microsoft Visual Studio 2005 and Microsoft Visual Studio 2005 Redistributable Package; newer platforms are not affected. |
| Remote Desktop | MS11-061 | 2546250 | Private | Important | 1 | EoP | 3 | Affects only Windows Server 2008 R2 SP1. Potential attacks on this issue are blocked by the XSS Filter in Internet Explorer 8 and 9, when enabled. |
| DAC | MS11-059 | 2560656 | Private | Important | 1 | RCE | 3 | Bulletin addresses one privately disclosed DLL-preloading issue. |
| Kernel | MS11-068 | 2556532 | Private | Moderate | NA | DoS | 3 | To exploit this issue, an attacker would have to convince a potential victim to visit a site with a maliciously constructed page. |
| .NET | MS11-069 | 2567951 | Private | Moderate | NA | ID | 3 | Bulletin corrects manner in which the .NET Framework validates trust levels within the System.Net.Sockets namespace. |
MS11-057: Cumulative Security Update for Internet Explorer (2559049)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1257 | Important | NA | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1960 | Important | 3 | 3 | Information Disclosure | Cooperatively disclosed |
| CVE-2011-1961 | Important | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1962 | Moderate | NA | NA | Information Disclosure | Publicly disclosed |
| CVE-2011-1963 | Critical | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1964 | Critical | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-2383 | Moderate | NA | NA | Information Disclosure | Publicly disclosed |

Affected Products
• IE6, IE7, IE 8 and IE 9 on all supported versions of Windows and Windows Server except IE6 on Windows Server 2003, x64, and Itanium
• IE 6 on Windows Server 2003, x64, and Itanium
Affected Components: Internet Explorer
Deployment Priority: 1
Main Target: Workstations and Servers
Possible Attack Vectors
• Browse and Own: An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. (CVE-2011-1960, 1961, 1962, 1963, 1964)
• Clickjacking: An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the Web site and perform a series of clicks in different Internet Explorer windows. (CVE-2011-1257)
• Drag and Drop: An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page and performed a drag-and-drop operation. (CVE-2011-2383)
Impact of Attack
• An attacker could gain the same user rights as the logged on user. (CVE-2011-1257, 1961, 1963, 1964, 1256, 1260, 1261, 1262)
• An attacker who successfully exploited this vulnerability could view content from another domain or Internet Explorer zone. (CVE-2011-1960, 1962)
• An attacker who successfully exploited this vulnerability could gain access to cookie files stored in the local machine. (CVE-2011-2383)
Mitigating Factors
• By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration.
• By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls.
• An attacker could not force a user to visit a specially crafted site.
Additional Information
• Installations using Server Core are not affected.
MS11-058: Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1966 | Critical | 3 | 3 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1970 | Important | 3 | 3 | Denial of Service | Cooperatively disclosed |

Affected Products
• Windows Server 2008, Windows Server 2008 x64, Windows Server 2008R2 x64
• Windows Server 2003, Windows Server 2003 x64, Windows Server 2003 for Itanium
Affected Components: DNS Server
Deployment Priority: 1
Main Target: Servers running in the DNS role
Possible Attack Vectors
• A remote unauthenticated attacker could exploit this vulnerability by registering a domain, creating an NAPTR DNS resource record, and then sending a specially crafted NAPTR query to the target DNS server. (CVE-2011-1066)
• A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted DNS query to the target DNS server for a resource record of a domain that does not exist. (CVE-2011-1970)
Impact of Attack
• An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the system. (CVE-2011-1966)
Mitigating Factors
• Microsoft has not identified any mitigating factors for this issue.
Additional Information
• Installations using Server Core are affected.
MS11-059: Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1975 | Important | 1 | NA | Remote Code Execution | Cooperatively disclosed |

Affected Products: Windows 7, Windows 7 x64, Windows Server 2008R2 x64, Windows Server 2008R2 for Itanium
Affected Components: Data Access Components (DAC)
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors
• In a network attack scenario, an attacker could place a legitimate Office-related file and a specially crafted DLL in a network share, a UNC, or WebDAV location and then convince the user to open the file.
• In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a legitimate Excel-related file attachment (such as an .xlsx file) to a user, and convincing the user to place the attachment into a directory containing a specially crafted DLL file and to open the legitimate file. Then, while opening the legitimate file, Microsoft Office could attempt to load the DLL file and execute any code it contained.
Impact of Attack
• An attacker who successfully exploited this vulnerability could run arbitrary code as the logged-on user.
Mitigating Factors
• For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open an Excel-related file (such as a .xlsx file).
• The file sharing protocol, Server Message Block (SMB), is often disabled on the perimeter firewall. This limits the potential attack vectors for this vulnerability.
Additional Information
• Installations using Server Core are affected.
MS11-060: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1972 | Important | 1 | 1 | Remote Code Execution | Cooperatively disclosed |
| CVE-2011-1979 | Important | NA | 1 | Remote Code Execution | Cooperatively disclosed |

Affected Products: Visio 2003, 2007, 2010 32-bit, and 2010 64-bit
Affected Components: Visio
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors
• This vulnerability requires that a user view a specially crafted WMF image file. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.
• In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Visio file to the user and by convincing the user to open the file.
• In a Web-based attack scenario, an attacker would have to host a Web site that contains a specially crafted Visio file that is used to attempt to exploit this vulnerability. An attacker would then convince a user to open the Visio file.
Impact of Attack
Mitigating Factors
• An attacker would have no way to force users to visit a malicious web site.
• The vulnerability cannot be exploited automatically through e-mail.
Additional Information
• Microsoft Visio 2010 Viewer is not affected.
MS11-061: Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1263 | Important | 1 | NA | Elevation of Privilege | Cooperatively disclosed |

Affected Products: Windows Server 2008 R2 x64
Affected Components: Remote Desktop Web Access
Deployment Priority: 3
Main Target: Servers running the Remote Desktop Web Access role
Possible Attack Vectors
• In an e-mail attack scenario, an attacker could exploit the vulnerability by sending a specially crafted link to the user and convincing the user to click the link.
Impact of Attack
• An attacker who successfully exploited this vulnerability could inject a client-side script into the user's instance of Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the Remote Desktop Web Access site.
Mitigating Factors
• The XSS Filter in Internet Explorer 8 and Internet Explorer 9 prevents this attack for its users when browsing to a Remote Desktop Web Access server in the Internet Zone. The XSS Filter in Internet Explorer 8 and Internet Explorer 9 is not enabled by default in the Intranet Zone.
• An attacker would have no way to force a user to visit a malicious site.
• Remote Desktop Web Access is not installed by default. When you install Remote Desktop Web Access, Microsoft Internet Information Services (IIS) is also installed as a required component.
Additional Information
• Installations using Server Core are not affected.
MS11-062: Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1974 | Important | NA | 1 | Elevation of Privilege | Cooperatively disclosed |

Affected Products: Windows XP, XP x64, Windows Server 2003, Windows Server 2003 x64, Windows Server 2003 for Itanium
Affected Components: NDISTAPI.sys
Deployment Priority: 2
Main Target: Workstations
Possible Attack Vectors
• To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.
Impact of Attack
• An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system.
Mitigating Factors
• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Additional Information
• The NDISTAPI driver is part of the RAS architecture and interfaces the NDISWAN to TAPI services.
• There are no workarounds for this update.
MS11-063: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1967 | Important | 1 | 1 | Elevation of Privilege | Cooperatively disclosed |

Affected Products: All supported versions of Windows and Windows Server
Affected Components: Client/Server Run-time Subsystem
Deployment Priority: 2
Main Target: Workstations and Servers
Possible Attack Vectors
• To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to send a device event message to a higher-integrity process.
Impact of Attack
• An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another process.
Mitigating Factors
• An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Additional Information
• Installations using Server Core are affected.
MS11-064: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1871 | Important | 3 | 3 | Denial of Service | Cooperatively disclosed |
| CVE-2011-1965 | Important | 3 | NA | Denial of Service | Cooperatively disclosed |

Affected Products
• Windows Server 2008 and 2008 x64, Windows Server 2008 for Itanium, Windows Server 2008R2 x64, Windows Server 2008R2 for Itanium
• Vista, Vista x64, Windows 7 and Windows 7 x64
Affected Components: TCP/IP Stack
Deployment Priority: 2
Main Target: Workstations and Servers
Possible Attack Vectors
• A remote unauthenticated attacker could exploit this vulnerability by creating a program to send a sequence of specially crafted ICMP messages to a target system. (CVE-2011-1871)
• In a remote attack scenario, an unauthenticated attacker could exploit this vulnerability by sending a specially crafted URL request to a server that is serving Web content and has URL-based QoS enabled. (CVE-2011-1965)
Impact of Attack
• An attacker who successfully exploited this vulnerability could cause the target system to stop responding and automatically restart.
Mitigating Factors
• By default, the URL-based Quality of Service feature is not enabled on any Windows operating system. Users would need to manually install this feature in order to be affected by this vulnerability. (CVE-2011-1965)
Additional Information
• Installations using Server Core are affected.
MS11-065: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1968 | Important | NA | 3 | Denial of Service | Cooperatively disclosed |

Affected Products
• Windows Server 2003, Windows Server 2003 x64 and Windows Server 2003 for Itanium
• Windows XP and XP x64
Affected Components: Remote Desktop Protocol
Deployment Priority: 2
Main Target: Servers
Possible Attack Vectors
• A remote unauthenticated attacker could exploit this vulnerability by sending a sequence of specially crafted RDP packets to the target system.
Impact of Attack
• An attacker who successfully exploited this vulnerability could cause a user’s system to stop responding and require a restart.
Mitigating Factors
• By default, the Remote Desktop Protocol (RDP) is not enabled on any operating system. On Windows XP and Windows Server 2003, Remote Assistance can enable RDP.
Additional Information
• Installations using Server Core are affected.
• Systems that do not have RDP enabled are not at risk.
MS11-066: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1977 | Important | 3 | NA | Information Disclosure | Cooperatively disclosed |

Affected Products: .NET Framework 4.0 on all supported versions of Windows and Windows Server, Chart Control for .NET Framework 3.5 SP1 (Developer Tools)
Affected Components: Chart Control
Deployment Priority: 3
Main Target: Workstations and Servers
Possible Attack Vectors
• To exploit this vulnerability, an attacker would send a specially crafted GET request to an affected server hosting the Chart controls.
Impact of Attack
• An attacker who successfully exploited this vulnerability would be able to read the contents of any file within the web site directory or subdirectories, such as web.config. The web.config file often stores sensitive information.
Mitigating Factors
• Only web applications using Microsoft Chart Control are affected by this issue. Default installations of the .NET Framework are not affected.
Additional Information
• Installations using Server Core are affected in some cases. See bulletin for details.
• .NET 4.0 Client Profiles are not affected.
MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1976 | Important | NA | 3 | Information Disclosure | Cooperatively disclosed |

Affected Products: Visual Studio 2005 and 2005 Redistributable Package
Affected Components: Visual Studio
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors
• In an e-mail attack scenario, an attacker could exploit the vulnerability by sending an e-mail message containing the specially crafted link to the user of the targeted affected server and by convincing the user to click on the specially crafted link.
• In a Web-based attack scenario, an attacker would have to host a Web site that contains a specially crafted link to the targeted affected server that is used to attempt to exploit this vulnerability.
Impact of Attack
• An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser. The script could then be used to spoof content or disclose sensitive information.
Mitigating Factors
• The vulnerability cannot be exploited automatically through e-mail.
• An attacker would have no way to force users to view the attacker-controlled content.
• By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which disables script and ActiveX controls.
Additional Information
• By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode that is known as Enhanced Security Configuration.
MS11-068: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1971 | Moderate | NA | NA | Denial of Service | Cooperatively disclosed |

Affected Products: Vista and x64; Windows Server 2008, x64, and Itanium; Windows 7 and x64; Windows Server 2008 R2 x64 and Itanium
Affected Components: Kernel
Deployment Priority: 3
Main Target: Workstations
Possible Attack Vectors
• In a Web-based attack scenario, an attacker would have to host a Web site that points to a specially crafted file on a network share. Then, when the user navigates to the Web site, the affected control path is triggered via the Details and Preview panes in Windows Explorer.
• In a network-share based attack scenario, an attacker could host a specially crafted file on a network share. Then, when the user navigates to the share in Windows Explorer, the affected control path is triggered via the Details and Preview panes.
Impact of Attack
• An attacker who successfully exploited this vulnerability could cause the affected system to restart.
Mitigating Factors
• The vulnerability cannot be exploited automatically through e-mail.
• An attacker would have no way to force users to view the attacker-controlled content.
Additional Information
• Installations using Server Core are not affected.
MS11-069: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)

| CVE | Severity | Exploitability: Latest Software | Exploitability: Older Versions | Comment | Note |
|---|---|---|---|---|---|
| CVE-2011-1978 | Moderate | NA | NA | Information Disclosure | Cooperatively disclosed |

Affected Products: .NET 2.0, 3.5.1, 4.0 on all supported versions of Windows and Windows Server.
Affected Components: .NET Framework
Deployment Priority: 3
Main Target: Workstations and Servers
Possible Attack Vectors
• Web browsing: An attacker could host a specially crafted Web site that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the Web site.
• Web hosting: If a Web hosting environment allows users to upload custom ASP.NET applications, an attacker could upload a malicious ASP.NET application that uses this vulnerability to break out of the sandbox used to prevent ASP.NET code from performing harmful actions on the server system.
• Windows .NET applications: This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.
Impact of Attack
• An attacker who successfully exploited this vulnerability would be able to access information not intended to be exposed.
• This vulnerability could be used by an attacker to direct network traffic from a victim's system to other network resources the victim can access.
• This could also allow an attacker to perform a denial of service to any system the victim's system can access or use the victim's system to perform scanning of network resources available to the victim.
Mitigating Factors
• An attacker would have no way to force users to visit these Web sites.
• In a Web-hosting scenario, an attacker must have permission to upload arbitrary ASP.NET pages to a Web site and ASP.NET must be installed on that Web server.
• By default, Internet Explorer on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 runs in a restricted mode known as Enhanced Security Configuration.
Additional Information
• Installations using Server Core are affected in some cases; see bulletin for details.
• .NET 3.51.1 and 3.5 are not affected.
• .NET 4 and .NET 4 Client Profiles are affected.
Detection & Deployment

| Component | Bulletin | Windows Update | Microsoft Update | MBSA 2.2 | WSUS 3.0 | SMS 2003 with ITMU | SCCM 2007 |
|---|---|---|---|---|---|---|---|
| IE (Cumulative) | MS11-057 | Yes | Yes | Yes | Yes | Yes | Yes |
| DNS Server | MS11-058 | Yes | Yes | Yes | Yes | Yes | Yes |
| DAC | MS11-059 | Yes | Yes | Yes | Yes | Yes | Yes |
| Visio | MS11-060 | No | Yes | Yes | Yes | Yes | Yes |
| Remote Desktop | MS11-061 | Yes | Yes | Yes | Yes | Yes | Yes |
| Remote Access | MS11-062 | Yes | Yes | Yes | Yes | Yes | Yes |
| CSRSS | MS11-063 | Yes | Yes | Yes | Yes | Yes | Yes |
| TCP/IP | MS11-064 | Yes | Yes | Yes | Yes | Yes | Yes |
| Remote Desktop Protocol | MS11-065 | Yes | Yes | Yes | Yes | Yes | Yes |
| SQL/.NET | MS11-066 | Yes | Yes | Yes | Yes | Yes | Yes |
| Visual Studio | MS11-067 | No | Yes | Yes | Yes | Yes | Yes |
| Kernel | MS11-068 | Yes | Yes | Yes | Yes | Yes | Yes |
| .NET | MS11-069 | Yes | Yes | Yes | Yes | Yes | Yes |
Other Update Information

| Component | Bulletin | Restart | Uninstall | Replaces |
|---|---|---|---|---|
| IE (Cumulative) | MS11-057 | Yes | Yes | MS11-050 |
| DNS Server | MS11-058 | Yes | Yes | MS09-008, MS11-046 |
| DAC | MS11-059 | Yes | Yes | None |
| Visio | MS11-060 | Maybe | Yes | MS11-008 |
| Remote Desktop | MS11-061 | Yes | No | None |
| Remote Access | MS11-062 | Yes | Yes | None |
| CSRSS | MS11-063 | Yes | Yes | MS10-069 |
| TCP/IP | MS11-064 | Yes | Yes | MS10-058 |
| Remote Desktop Protocol | MS11-065 | Yes | Yes | None |
| .NET (Chart Control) | MS11-066 | Maybe | Yes | None |
| Visual Studio | MS11-067 | Maybe | Yes | MS09-062 |
| Kernel | MS11-068 | Yes | Yes | MS10-047 |
| .NET | MS11-069 | Maybe | Yes | MS11-039 |
Security Advisories
SA 2562937: Update Rollup for ActiveX Kill Bits
This Advisory contains killbits for the following third-party software products:
• Check Point SSL VPN On-Demand applications (Check Point Software Technologies)
• ActBar (IBM)
• EBI R Web Toolkit (Honeywell)
All three vendors have issued advisories and/or updates on their sites regarding these issues.
Bulletin Re-releases
• MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution
  – Microsoft is rereleasing this bulletin to add Visual Studio 2010 Service Pack 1 and the Visual C++ 2010 Redistributable Package SP1 as Affected Software.
  – We are also correcting the file verification information for the Visual C++ 2005 SP1 Redistributable Package, the Visual C++ 2008 SP1 Redistributable Package, and the Visual C++ 2010 Redistributable Package.
• MS11-043: Vulnerability in SMB Client Could Allow Remote Code Execution
  – This bulletin is being re-released to refine the update’s behavior when performing certain data writes.
• MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure
  – This bulletin is being re-released to address additional SKUs.
Announcing…
The BlueHat Prize: One week after
On August 3 at Black Hat, we introduced the BlueHat Prize, to be awarded to
promising defensive-security mitigations. Top award? $200,000.
The response to the initial announcement has been gratifying…
- See a video overview of the announcement with Senior Security
Strategist and program architect Katie Moussouris at
www.bluehatprize.com.
Windows Malicious Software Removal Tool (MSRT)
• During this release Microsoft will increase detection capability for
the following families in the MSRT:
– Win32/FakeSysdef: A top rogue that is causing dramatic customer
issues. FakeSysdef tends to kill some antimalware solutions, though MSRT is
not susceptible.
– Win32/Hiloti: Another prevalent trojan downloader. It’s also known for killing
certain antimalware packages, though again MSRT is not susceptible.
• Available as a priority update through Windows Update or
Microsoft Update.
• Is offered through WSUS 3.0 or as a download at:
www.microsoft.com/malwareremove.
Questions and Answers
• Submit text questions using the “Ask” button.
• Don’t forget to fill out the survey.
• A recording of this webcast will be available within 48 hours on the
MSRC Blog:
http://microsoft.com/msrcblog
Register for next month’s webcast at:
http://microsoft.com/technet/security/current.aspx
Resources
Blogs
• Microsoft Security Response Center (MSRC) blog: www.microsoft.com/msrcblog
• Security Research & Defense Blog: http://blogs.technet.com/srd
• Microsoft Malware Protection Center Blog: http://blogs.technet.com/mmpc/
Twitter
• @MSFTSecResponse
Security Centers
• Microsoft Security Home Page: www.microsoft.com/security
• TechNet Security Center: www.microsoft.com/technet/security
• MSDN Security Developer Center: http://msdn.microsoft.com/en-us/security/default.aspx
• Microsoft Malicious Software Removal Tool: www.microsoft.com/malwareremove
Bulletins, Advisories, Notifications & Newsletters
• Security Bulletins Summary: www.microsoft.com/technet/security/bulletin/summary.mspx
• Security Bulletins Search: www.microsoft.com/technet/security/current.aspx
• Security Advisories: www.microsoft.com/technet/security/advisory/
• Microsoft Technical Security Notifications: www.microsoft.com/technet/security/bulletin/notify.mspx
• Microsoft Security Newsletter: www.microsoft.com/technet/security/secnews
Other Resources
• Update Management Process: http://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx
• Microsoft Active Protection Program Partners: http://www.microsoft.com/security/msrc/mapp/partners.mspx