[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 444/05 - Microsoft Advanced Notification



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 444/05 dated 10.06.05  Time: 15:45  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Microsoft Advanced Notification

Detail
====== 

As part of the monthly security bulletin release cycle, Microsoft 
provides advance notification to our customers on the number of new 
security updates being released, the products affected, the 
aggregate maximum severity and information about detection tools 
relevant to the update. 



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Advanced Notification
Issued: June 09, 2005
********************************************************************

Summary
=======

As part of the monthly security bulletin release cycle, Microsoft 
provides advance notification to our customers on the number of new 
security updates being released, the products affected, the 
aggregate maximum severity and information about detection tools 
relevant to the update. 

On 14 June 2005 the Microsoft Security Response Center is planning 
to release:

Security Updates

 - 7 Microsoft Security Bulletins affecting Microsoft Windows. The 
greatest aggregate, maximum severity rating for these security 
updates is Critical. Some of these updates will require a restart. 5 
of these updates will be detectable using the Microsoft Baseline 
Security Analyzer (MBSA), 2 of these updates will be detectable 
using the Enterprise Scanning Tool (EST).

 - 1 Microsoft Security Bulletin affecting Microsoft Windows and 
Microsoft Services for UNIX. The greatest aggregate, maximum 
severity rating for these security updates is Moderate. These 
updates may require a restart. These updates will be detectable 
using the Microsoft Baseline Security Analyzer (MBSA) and using the 
Enterprise Scanning Tool (EST).

 - 1 Microsoft Security Bulletin affecting Microsoft Exchange. The 
greatest aggregate, maximum severity rating for this security update 
is Important. This update will not require a restart. This update 
will be detectable using the Microsoft Baseline Security Analyzer 
(MBSA) and using the Enterprise Scanning Tool (EST).

 - 1 Microsoft Security Bulletin affecting Microsoft Internet 
Security and Acceleration (ISA) Server and Small Business Server. 
The greatest aggregate, maximum severity rating for these security 
updates is Moderate. These updates may require a restart. This 
update will be detectable using the Enterprise Scanning Tool (EST).

Microsoft Windows Malicious Software Removal Tool

 - Microsoft will release an updated version of the Microsoft 
Windows Malicious Software Removal Tool on Windows Update, Microsoft 
Update, Windows Server Update Services and the Download Center. 
Note that this tool will NOT be distributed using Software Update 
Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

 - Microsoft will NOT release any NON-SECURITY High-Priority Updates 
for Windows on Microsoft Update (MU), Windows Update (WU), Windows 
Server Update Services (WSUS) and Software Update Services (SUS).

Although we do not anticipate any changes, the number of bulletins, 
products affected, restart information and severities are subject to 
change until released. 

Microsoft will host a webcast next week to address customer 
questions on these bulletins. For more information on this webcast 
please see below:
 - TechNet Webcast: Information about Microsoft's June Security 
Bulletins (Level 100)   
 - Wednesday, June 15, 2005 11:00 AM (GMT-08:00) Pacific Time (US & 
Canada) 
 - 
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=e
n-US&EventID=1032275405&EventCategory=4

At this time no additional information on these bulletins such as 
details regarding severity or details regarding the vulnerability 
will be made available until 14 June 2005.
********************************************************************

Support: 
========
Technical support is available from Microsoft Product Support 
Services at 1-866-PC SAFETY (1-866-727-2338). There is no 
charge for support calls associated with security updates. 
International customers can get support from their local Microsoft 
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx
 
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
  valuable information to help you protect your network. This
  newsletter provides practical security tips, topical security
  guidance, useful resources and links, pointers to helpful
  community resources, and a forum for you to provide feedback
  and ask security-related questions.
  You can sign up for the newsletter at:

  http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
  serves as a supplement to the Security Notification Service
  (this e-mail). The Microsoft Security Notification Service: 
  Comprehensive Version. It provides timely notification of any 
  minor changes or revisions to previously released Microsoft 
  Security Bulletins and Security Advisories. This new service 
  provides notifications that are written for IT professionals and 
  contain technical information about the revisions to security 
  bulletins. To register visit the following Web site:

  http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you 
  can help protect your PC at the following locations: 

  http://www.microsoft.com/security/protect/

  If you receive an e-mail that claims to be distributing a 
  Microsoft security update, it is a hoax that may be distributing a 
  virus. Microsoft does not distribute security updates via e-mail. 
  You can learn more about Microsoft's software distribution 
  policies here: 

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx


********************************************************************
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS 
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT 
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING 
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE 
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, 
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL 
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN 
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY 
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING 
LIMITATION MAY NOT APPLY.
********************************************************************

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBQqiAdoreEgaqVbxmAQL6txAAjxQFN1gn4TI5gpwbHeiPIxEBTIh122MM
eld9h6NCLBbOY+bT7CABFWsoFoqDoFoyx7OjwzkatmlkjjKxRQdpDmwlc81jT5gl
dmGA2/hHp4slRh4zc+MLq/cflUW753+JBtwe1T97lYwJoLW/Ac+tfPKQOwo4Bk+o
rkKJTh5RuvYOAq0zD4l5iPLpxVMWXCXPssoWoZ1wWeAJZR6E/agZOcvw2VP71yUL
wMi1COC5NxTPYnBOzTdaIIRrLkxjfYaWanozGwFSs5P0MOX/u3ZacxXgDxtJWpTT
z5pY4REcX1RC6GfWRAVXv+rSKKgCdCaPeqe+H1NcMnmBM/yL9QQwM1bKRg9pTT8R
ynjdSK33f+ISx5sQ80G21Mkl+MZj/mOtEyNBe0NRaF538drWxz1htKwNw8W1o1jN
SzhypqiCGGLvwVT7hcSODlh8DrKRHgJ6H5mKZ6haEhThWujaO9ARiJFXKjEhVFKG
dibCawL9EsnU3l7u+jmvd84wDVQEknsGOX++k5DZgOFrql4OsJgOivd1NqSEwP45
QwQs/CrLL4L2pDmSMl/ARw/Dvkwe3uTsvJBJMIUKSrKBWMK2FYU76czohCdnft2W
UF0fzIE++yi28tzlyR9Eg22ZYLQAKnGZT7Dy3HMfPtMABQyr9eITi0rKaTB0RWip
jW2oUmzh5lQ=
=UZQ9
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Microsoft for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQqmlgIpao72zK539AQFUNwP+I4qAwk3I771VnGzgbyeFgogwLUwL+b6R
JWcR/O/uflzh8DD77Lv2mIQ3zNaVei0hm8VypfqBPgYHyjelvTkaZ/wWQS1E5mWl
fELcCW8FROVzC0UhdkSkl8rUoH2YI9wyo7AKatwMbvNUJl1etb8QC9OGdT+kIA0A
1sODiyY+AaA=
=40LS
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________