Happy New Year! Coming into 2009, I am passionate about the numerous measures Microsoft is taking to protect customers and enable a more trusted computing experience. These measures include providing active response, extensive analysis and timely, prescriptive guidance on emerging privacy and security threats.
As part of this overall effort, I will continue to provide guidance to help you in your overall risk assessments and deployment strategies for security updates. In particular, my goal is to help you quickly get to the "bottom line" of what you need to know.
In this month's column, I will review the salient points of the January release and go over what is being released for the Malicious Software Removal Tool (MSRT).
Microsoft Security Bulletin MS09-001
For the opening month of 2009, we are releasing one security update that addresses several vulnerabilities in Server Message Block (SMB). The most severe vulnerability is rated as 'Critical,' with the possibility of an unauthenticated remote execution of arbitrary code. However, in most cases, this vulnerability would result in a system denial-of-service condition. As noted in the bulletin, domain controllers are at a greater risk for this vulnerability than workstations or other servers -- something to keep in mind when devising your deployment strategies.
It is also important to note that Windows Vista and Windows Server 2008 are rated as 'Moderate' because file sharing is disabled by default on systems with these versions installed.
For additional information regarding this vulnerability, please visit Microsoft's Security Vulnerability Research & Defense blog. The blog's intent is to protect customers by providing more information about Microsoft vulnerabilities and active attacks, as well as mitigations and workarounds. Microsoft discovers this information during technical investigation of security issues; we feel it is important to share this information with you, along with extensive analyses that enhances your understanding of the issues.
We continue to provide updates to the MSRT, which can help you protect yourselves from prevalent malware threats. In that vein, we are adding two new threat families to the MSRT: Win32/Banload and Win32/Conficker. Win32/Banload is a Trojan downloader associated with Win32/Banker, which is a very prevalent Trojan that steals banking credentials and other sensitive data. Win32/Conficker is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). The vulnerability is documented in Microsoft Security Bulletin MS08-067. For additional information, click on the aforementioned malware names or visit the Microsoft Malware Protection Center (MMPC) blog.
In closing, please take a moment and register for our monthly security bulletin webcast, which will be held on Wednesday, Jan. 14, at 11 a.m. PDT.
Security Response Communications Lead Christopher Budd and Lead Security Program Manager Adrian Stone will review information about each bulletin to further aid you in planning and deployment. Immediately following the review session they will answer questions with information from our assembled panel of experts. If you are not able to view the live webcast, it will also be available on demand.
In addition, please take a moment and mark your calendars for the February 2009 monthly bulletin release scheduled for Tuesday, Feb. 10, and the advance notification scheduled for Thursday, Feb. 5. Look for the February edition of this column on release day to help you plan and deploy the most recent security bulletins.