Welcome to Smokey's Security Forums.
Guests have only limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Smokeys is looking for 'Updaters.
If you have  knowledge of Updates or a willingness to learn, please send  'Starbuck' or 'Tinker' a PM with your details.
Thanks.

OTL Log Analysis and Malware Removal - Qualified PC Disinfection & Cleaning - Microsoft Security Info & Alert Center - Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on Del.icio.usShare this topic on DiggShare this topic on RedditShare this topic on StumbleUponShare this topic on TwitterAuthorTopic: December 2009 Security Bulletin Webcast  (Read 160 times)

0 Members and 1 Guest are viewing this topic.

ScarlettTopic starter

  • Updates Moderator
  • *
  • Offline Offline
  • location: Cymru
  • Posts: 7621
December 2009 Security Bulletin Webcast
« Reply #1 on: December 12, 2009, 09:01:49 AM »
December 2009 Security Bulletin Webcast
12 December 2009, 5:41 am

Hello again. This is Jerry Bryant letting you know that the questions and answers from the December 2009 security bulletin webcast have now been posted here.

There is one question that I wanted to provide a little more information on and that references reports of KB973917 causing problems with Internet Information Services (IIS) 6.0 running on Windows Server 2003 SP2. There are scenarios where the system can be in a state where the correct core IIS .dll files are not in place. This may be the case if SP2 did not install correctly or if IIS 6.0 was installed on the system from a Windows Server 2003 Gold or SP1 CD after SP2 was installed. KB2009746 has more information on this and how to resolve the issue which is to essentially reinstall SP2 to get the right binaries on the machine.

To be clear, KB973917 references a non-security update that implements Extended Protection for Authentication in IIS. This is part of our overall work to address credential relaying attacks on Integrated Windows Authentication as described in Security Advisory 974926 that we released on Tuesday. The updates in question are not addressing vulnerabilities and I just wanted to clarify that point. To learn more about this work, please read the advisory and also this excellent blog post by Maarten Van Horenbeeck from the MSRC: http://blogs.technet.com/srd/archive/2009/12/08/extended-protection-for-authentication.aspx.

At this time, our Customer Service and Support group are not reporting any major issues with this month’s bulletins. If you do experience any issues obtaining or installing security updates, please visit https://consumersecuritysupport.microsoft.com for some great trouble shooting tips as well as various support options. You can also call 1-866-PCSafety (1-866-727-2338) in the US. For more regional contact numbers, please visit http://support.microsoft.com.

The video below is from the webcast where Adrian Stone and I went in to detail on each bulletin. As we have been saying, MS09-072 should have the highest priority this month. Especially for users of IE 6 and IE 7.

         More listening and viewing options:        

Windows Media Video (WMV)            Windows Media Audio (WMA)            iPod Video (MP4)            MP3 Audio            High Quality WMV (2.5 Mbps)            Zune Video (WMV)                          Our next webcast is scheduled for January 13 at 11:00 a.m. PST (UTC -8). Click HERE to register now.

Thank you!

Jerry Bryant

*This posting is provided "AS IS" with no warranties, and confers no rights*



Source: The Microsoft Security Response Center (MSRC)

>> To obtain the full Microsoft Security Center - MSRC article, click the link in the first post line <<
 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
 BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content Copyright © 2006 - 2010 Smokey Services™ -- All rights reserved

Surf Smokey's with confidence: all external links in posts are checked and rated by WOT - Web of Trust
Security Knowledge-, Alert- & News Center and Comprehensive Microsoft Windows Information & Download Center
Board- and databases search functions and the download of post attachments are only available to registered board members

    


==>Think your PC is infected? Click here for OTL Log Analysis and Malware Removal Assistance<==


Smokey's Security Forums provide full qualified OTL Log Analysis & Cleaning Services
OTL (formerly OTListIt2) by OldTimer is a sophisticated, comprehensive log analysis tool to clean PCs with malicious content

Microsoft Security Info & Alert Center - most recent, real-time released Microsoft Security Bulletins, Alerts, Advisories and Vulnerabilities:
<div style="background-color: none transparent;"><a href="http://www.rsspump.com/?web_widget/rss_widget" title="rss widget">Rss widget</a></div>