The View from the Situation Room

Hi everyone, Mike Reavey here.  I wanted to take a moment and blog live from our MSRC Situation Room.  (those of you watching CNN this morning got a glimpse of it!)  The Situation Room is a dedicated room inside the Microsoft campus.  When there is a problem or an attack impacting customers, we bring all of the right people into that room to work on the problem.  That means at any given time during an incident there’s lot of people, a lot of empty coke cans, and a lot of pizza boxes.  Sometimes there’s a sleeping bag in the corner, or it might be a pile of stuff someone fashioned into a spot to nap in the middle of the night.  The room allows us to bring together our experts and develop our guidance, and we’re here as long as it takes.


So I wanted to provide you all with some more information on Zotob. We’ve published a statement on our PressPass site regarding this issue and want to reiterate that customers running any version other than Windows 2000 are still thus far not impacted by the Zotob attack itself.  And if you have applied the MS05-039 update to Windows 2000 you likewise are not impacted.  We’re still not seeing an internet-wide event here, and infection rates remain low.  But we’re working to continue our investigations and provide the guidance you need to be protected and recover from the impact of an attack.  There will probably be more variants of the attack, and we are working to break down each one and make sure our guidance is still accurate.


That includes helping people get MS05-039 on their systems. A firewall can of course provide some interim protection, however for Windows 2000 users really the best remediation is to make sure the update is applied to the system.  In fact, it’s important to keep in mind that no matter what operating system you are on, all of the most current updates should be applied!


Right now, the MS05-039 update is deployable through SUS 1.0, WSUS, and SMS.  It’s also fully supported by MBSA 2.0 as well as the previous version of MBSA.  Individual machines can obtain the update either from Microsoft Update or Windows Update.  Customers have also asked us “how do I enable automatic updates on Windows 2000?”  Check out this knowledge base article.  It has all the steps needed to help make sure your Windows 2000 computers are automatically kept up to date.


If you are having difficulty applying this update, I want to remind everyone we’re here to help.  Our Product Support Services team can be contacted at 1-866-PCSAFETY in the United States and Canada for no charge help if you have been impacted by Zotob or are having trouble applying the updates.  Our goal is to get you up and running and help you be protected, so please contact us.


Meanwhile we’ll be here in the situation room, investigating any new variations or attacks that might impact you.



*This posting is provided “AS IS” with no warranties, and confers no rights.*