Jump to content
Sign in to follow this  
jkandra

Microsoft has released patch early

Recommended Posts

Subject:  Microsoft Security Response Center Bulletin Notification

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

********************************************************************

Title: Microsoft Security Response Center Bulletin Notification

Issued: January 05, 2006

********************************************************************

Summary

=======

Important Information for Thursday 5 January 2006

Microsoft announced that it would release a security update to help

protect customers from exploitations of a vulnerability in the

Windows Meta File (WMF) area of code in the Windows operating system

on Tuesday, January 2, 2006, in response to malicious and criminal

attacks on computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006,

earlier than planned.

Microsoft originally planned to release the update on Tuesday,

January 10, 2006 as part of its regular monthly release of security

bulletins, once testing for quality and application compatibility

was complete. However, testing has been completed earlier than

anticipated and the update is ready for release.

In addition, Microsoft is releasing the update early in response to

strong customer sentiment that the release should be made available

as soon as possible.

Microsoft's monitoring of attack data continues to indicate that the

attacks are limited and are being mitigated both by Microsoft's

efforts to shut down malicious Web sites and with up-to-date

signatures form anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

Enterprise customers who are using Windows Server Update Services

will receive the update automatically. In additional the update is

supported Microsoft Baseline Security Analyzer 2.0, Systems

Management Server, and Software Update Services. Enterprise

customers can also manually download the update from the Download

Center.

Microsoft will hold a special Web cast on Friday, January 6, 2006,

to provide technical details on the MS06-001 and to answer questions.

Registration details will be available at

http://www.microsoft.com/technet/security/default.mspx.

Microsoft will also be releasing additional security updates on

Tuesday, January 10, 2006 as part of its regularly scheduled release

of security updates.

What is this alert?

As part of the monthly security bulletin release cycle, Microsoft

provides advance notification to our customers on the number of new

security updates being released, the products affected, the

aggregate maximum severity and information about detection tools

relevant to the update. This is intended to help our customers plan

for the deployment of these security updates more effectively.

In addition, to help customers prioritize monthly security updates

with any non-security updates released on Microsoft Update, Windows

Update, Windows Server Update Services and Software Update Services

on the same day as the monthly security bulletins, we also provide:

.    Information about the release of updated versions of the

Microsoft Windows Malicious Software Removal Tool.

.    Information about the release of NON-SECURITY, High Priority

updates on Microsoft Update (MU), Windows Update (WU), Windows

Server Update Services (WSUS) and Software Update Services (SUS).

Note that this information will pertain ONLY to updates on Windows

Update and only about High Priority, non-security updates being

released on the same day as security updates. Information will NOT

be provided about Non-security updates released on other days.

On 10 January 2006 Microsoft is planning to release:

Security Updates

.    1 Microsoft Security Bulletin affecting Microsoft Windows. The

highest Maximum Severity rating for these is Critical. These updates

may require a restart. These updates will be detectable using the

Microsoft Baseline Security Analyzer (MBSA).

.    1 Microsoft Security Bulletin affecting Microsoft Exchange and

Microsoft Office. The highest Maximum Severity rating for these is

Critical. These updates may require a restart. These updates will be

detectable using the Microsoft Baseline Security Analyzer (MBSA).

Microsoft Windows Malicious Software Removal Tool

.    Microsoft is planning to release an updated version of the

Microsoft Windows Malicious Software Removal Tool on Windows Update,

Microsoft Update, Windows Server Update Services and the Download

Center.

Note that this tool will NOT be distributed using Software Update

Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

.    Microsoft is planning to release 1 NON-SECURITY High-Priority

Update on Windows Update (WU) and Software Update Services (SUS).

.    Microsoft is planning release 3 NON-SECURITY High-Priority

Updates on Microsoft Update (MU) and Windows Server Update Services

(WSUS)

Although we do not anticipate any changes, the number of bulletins,

products affected, restart information and severities are subject to

change until released.

Microsoft will host a webcast next week to address customer

questions on these bulletins. For more information on this webcast

please see below:

.    TechNet Webcast: Information about Microsoft's Security

Bulletins (Level 100)

.    Wednesday, January 11, 2006 11:00 AM (GMT-08:00) Pacific Time

(US & Canada

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1

032287360&EventCategory=4&culture=en-US&CountryCode=US

At this time no additional information on these bulletins such as

details regarding severity or details regarding the vulnerability

will be made available until 10 January 2006.

********************************************************************

Support:

========

Technical support is available from Microsoft Product Support

Services at 1-866-PC SAFETY (1-866-727-2338). There is no

charge for support calls associated with security updates.

International customers can get support from their local Microsoft

subsidiaries. Phone numbers for international support can be found

at: http://support.microsoft.com/common/international.aspx

Microsoft Support Lifecycle for Business and Developer Software

===============================================================

The Microsoft Support Lifecycle policy provides consistent and

predictable guidelines for product support availability at the

time that the product is released. Under this policy, Microsoft

will offer a minimum of ten years of support. This includes five

years of Mainstream Support and five years of Extended Support for

Business and Developer products. Microsoft will continue to provide

security update support, at a supported Service Pack level, for a

minimum of ten years through the Extended support phase. For more

information about the Microsoft Support Lifecycle, visit

http://support.microsoft.com/lifecycle/ or contact your Technical

Account Manager.

Additional Resources:

=====================

* Microsoft has created a free monthly e-mail newsletter containing

valuable information to help you protect your network. This

newsletter provides practical security tips, topical security

guidance, useful resources and links, pointers to helpful

community resources, and a forum for you to provide feedback

and ask security-related questions.

You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that

serves as a supplement to the Security Notification Service

(this e-mail). The Microsoft Security Notification Service:

Comprehensive Version. It provides timely notification of any

minor changes or revisions to previously released Microsoft

Security Bulletins and Security Advisories. This new service

provides notifications that are written for IT professionals and

contain technical information about the revisions to security

bulletins. To register visit the following Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you

can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a

Microsoft security update, it is a hoax that may be distributing a

virus. Microsoft does not distribute security updates via e-mail.

You can learn more about Microsoft's software distribution

policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS

PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT

DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING

THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

PURPOSE.

IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE

LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,

INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL

DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN

ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY

FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING

LIMITATION MAY NOT APPLY.

********************************************************************

-----BEGIN PGP SIGNATURE-----

Version: PGP 8.1

iQIVAwUBQ715XhCvwTv3q93mAQJxRw/+PYqufqRzj36bSkAhpmT0y9C58037hti1

WpGeHvqShVfQwUTOohAZSPprshYrwdngZmip2LHx7QrqjbD0GEYxgfeReLXAtbTQ

PBAUhiikAWoKbcopt6ij1nD/v0yJVzWcHVu0o0I8BLEYBqJdXzfVqAUeiSgCQjKd

kaR7ZtP0wAGrfXsvaOfp0sHodenFohAMm6MCm8uSvExilY8O7VyUR5Jl/1jSe5+p

rqb848+7njcvrDdfY1Y0P3L3/Qgn+64YSg/yrnBxXAO3IFyEMySxLK2augvLSlCK

JkVlVqIcJE0ZG9llKiNJSCjTa+BFD4hbQ0WtD8/hV2R9BGmv4wNzeIhMFu4eP28r

Fi/5RKPVshV05REpZK2S0OHb2roDtHqiGBQnR5xBCC8K7vjJSWA88py6wO79/X2n

pvtNj8G2XSJa6xz9n9NvDusc+dimlxP5Vrvphv6A314r7ecOVnZ/8KQnGEpzbUXz

M5TCSgKJIGyWYQxyhpFdp0VucuiDSAqi5SRONua8UHIVi4P6CBHwmJMWckJD/U/F

mBlkZknho0c3gNLhOd4Tdo+6Rke21Bn8rFxEWW+T6PXf2oHrhqbkxxMDkZp8Z0vZ

gHJRTTyu3AakuyOK6r2Olmykr1zAsLOwBQa/ZVEvLo3fuDXON1SnC3JFNbLd4VM4

wAIxCmFDh5o=

=0+U2

-----END PGP SIGNATURE-----

To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site <http://www.microsoft.com/misc/unsubscribe.htm>;. You can manage all your Microsoft.com communication preferences at this site.

Legal Information <http://www.microsoft.com/info/legalinfo/default.mspx>;.

This newsletter was sent by the Microsoft Corporation

1 Microsoft Way

Redmond, Washington, USA

98052

Share this post


Link to post
Share on other sites

How many critical security flaws does it take to get a monolithic software company to respond quickly? One, if the customers are noisy enough. ~ lol

. . .go get your update;

Security Update for Windows XP (KB912919)

Date last published: 1/5/2006

Typical download size: 196 KB

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...