The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

JANUARY 2006 MICROSOFT SECURITY RESPONSE CENTER BULLETIN RELEASE

Important Information for Thursday 5 January 2006

Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.

Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete.
However, testing has been completed earlier than anticipated and the update is ready for release.

In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and with up-to-date signatures form anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

Enterprise customers who are using Windows Server Update Services will receive the update automatically.  In additional the update is supported Microsoft Baseline Security Analyzer 2.0, Systems Management Server, and Software Update Services.  Enterprise customers can also manually download the update from the Download Center.

Microsoft will hold a special Web cast on Friday, January 6, 2006, to provide technical details on the MS06-001 and to answer questions.
Registration details will be available at http://www.microsoft.com/technet/security/default.mspx.

Microsoft will also be releasing additional security updates on Tuesday, January 10, 2006 as part of its regularly scheduled release of security updates.

What is this alert?

As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.

In addition, to help customers prioritize monthly security updates with any non-security updates released on Microsoft Update, Windows Update, Windows Server Update Services and Software Update Services on the same day as the monthly security bulletins, we also provide:

*    Information about the release of updated versions of the
Microsoft Windows Malicious Software Removal Tool.
*    Information about the release of NON-SECURITY, High Priority
updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS). Note that this information will pertain ONLY to updates on Windows Update and only about High Priority, non-security updates being released on the same day as security updates. Information will NOT be provided about Non-security updates released on other days.

On 10 January 2006 Microsoft is planning to release:

Security Updates
*    1 Microsoft Security Bulletin affecting Microsoft Windows. The
highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).
*    1 Microsoft Security Bulletin affecting Microsoft Exchange and
Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

Microsoft Windows Malicious Software Removal Tool
*    Microsoft is planning to release an updated version of the
Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS
*    Microsoft is planning to  release 1 NON-SECURITY High-Priority
Update on Windows Update (WU) and Software Update Services (SUS).
*    Microsoft is planning release 3 NON-SECURITY High-Priority
Updates on Microsoft Update (MU) and Windows Server Update Services
(WSUS)

Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.

Microsoft will host a webcast next week to address customer questions on these bulletins. For more information on this webcast please see below:
*    TechNet Webcast: Information about Microsoft’s Security
Bulletins (Level 100)
*    Wednesday, January 11, 2006 11:00 AM (GMT-08:00) Pacific Time
(US & Canada
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=10322
87360&EventCategory=4&culture=en-US&CountryCode=US
At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until 10 January 2006.

Advertisements

January 5, 2006 - Posted by | Antivirus News, Security News

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: