News Stay informed about the latest enterprise technology news and product updates.

Inside the MSRC: Microsoft describes Server Message Block update

Microsoft's Bill Sisk gives an overview of the critical Server Message Block update.

Happy New Year! Coming into 2009, I am passionate about the numerous measures Microsoft is taking to protect customers and enable a more trusted computing experience. These measures include providing active response, extensive analysis and timely, prescriptive guidance on emerging privacy and security threats.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

As part of this overall effort, I will continue to provide guidance to help you in your overall risk assessments and deployment strategies for security updates. In particular, my goal is to help you quickly get to the "bottom line" of what you need to know.

In this month's column, I will review the salient points of the January release and go over what is being released for the Malicious Software Removal Tool (MSRT).

Microsoft Security Bulletin MS09-001
For the opening month of 2009, we are releasing one security update that addresses several vulnerabilities in Server Message Block (SMB). The most severe vulnerability is rated as 'Critical,' with the possibility of an unauthenticated remote execution of arbitrary code. However, in most cases, this vulnerability would result in a system denial-of-service condition. As noted in the bulletin, domain controllers are at a greater risk for this vulnerability than workstations or other servers -- something to keep in mind when devising your deployment strategies.

About Inside MSRC:
As part of a special partnership with, Bill Sisk, the response communication manager for the Microsoft Security Response Center (MSRC), offers an inside look at the process that leads up to "Patch Tuesday" and guidance to help security professionals make the most out of the software giant's security updates.

Also see:

Inside MSRC: Microsoft issues guidance on critical flaws

Inside MSRC: Microsoft addresses XML Core Services flaw, RPC flaw 

Inside MSRC: Microsoft issues advice for critical server flaws

It is also important to note that Windows Vista and Windows Server 2008 are rated as 'Moderate' because file sharing is disabled by default on systems with these versions installed.

For additional information regarding this vulnerability, please visit Microsoft's Security Vulnerability Research & Defense blog. The blog's intent is to protect customers by providing more information about Microsoft vulnerabilities and active attacks, as well as mitigations and workarounds. Microsoft discovers this information during technical investigation of security issues; we feel it is important to share this information with you, along with extensive analyses that enhances your understanding of the issues.

We continue to provide updates to the MSRT, which can help you protect yourselves from prevalent malware threats. In that vein, we are adding two new threat families to the MSRT: Win32/Banload and Win32/Conficker. Win32/Banload is a Trojan downloader associated with Win32/Banker, which is a very prevalent Trojan that steals banking credentials and other sensitive data. Win32/Conficker is a worm that infects other computers across a network by exploiting a vulnerability in the Windows Server service (SVCHOST.EXE). The vulnerability is documented in Microsoft Security Bulletin MS08-067. For additional information, click on the aforementioned malware names or visit the Microsoft Malware Protection Center (MMPC) blog.

Additional Information
In closing, please take a moment and register for our monthly security bulletin webcast, which will be held on Wednesday, Jan. 14, at 11 a.m. PDT.

Security Response Communications Lead Christopher Budd and Lead Security Program Manager Adrian Stone will review information about each bulletin to further aid you in planning and deployment. Immediately following the review session they will answer questions with information from our assembled panel of experts. If you are not able to view the live webcast, it will also be available on demand.

In addition, please take a moment and mark your calendars for the February 2009 monthly bulletin release scheduled for Tuesday, Feb. 10, and the advance notification scheduled for Thursday, Feb. 5. Look for the February edition of this column on release day to help you plan and deploy the most recent security bulletins.

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.