MS06-007 update, and one year of blogging.

Hey folks, Stephen Toulouse here blogging live from San Jose, at the RSA 2006 security conference.  First a quick update on the MS06-007 update issue Craig mentioned earlier.  This situation is now resolved and customers should be able to get the update. I want to reiterate that the problem had nothing to do with the update itself, you applied it manually from the download center or got it through SUS 1.0 it should install correctly and protect against the vulnerability.  But it’s available now for everyone.

It’s hard to believe, but it’s been one year now that we’ve been using blogging to communicate late breaking security update and incident information to you. From our humble beginnings on MSN Spaces, to the current version of the blog, the feedback has been tremendous and we’re glad you find it useful.  As we always do when we have a deployment glitch in the system, let me explain just a bit about what happened in our process that caused MS06-007 to fail to install in certain situations.

The short story is that we had an error in the way that we handle delta patching in our publishing infrastructure.  It resulted in the client end not downloading the binaries and reporting a download error.  This only affected Windows Update and Microsoft update and WSUS (SUS was not affected).  This did not impact SMS or updates obtained from the download center.  So we’ve corrected that error today and the update is available from all sources.  Moving forward we’re taking a short term fix in the checking processes prior to release to help us catch this, and in the longer term we’re going to be changing our internal publishing process to completely eliminate the problem.

Moving on to the RSA Security Conference!  Bill Gates gave the opening keynote this morning, sharing Microsoft’s vision for a more secure future.  There’s a lot of great stuff if you missed it on our PressPass site, here are some links:

Main site for the content

  Transcript of the keynote

  Video Q&A between Bill Gates and Mike Nash, our Corporate Vice President of   the Security Technology Unit

Last year’s readers will remember the MSRC wheel of fortune, where customers filled out our feedback survey and got a chance to win an Xbox game or a PC game.  Well the wheel is back!  And this time it’s a chance to win Xbox 360 game (Project Gotham Racing 3), or an Xbox1 game (Halo2) or Fable for the PC, or a 12 month Xbox Live subscription!  Why are we doing this?  We’ll we’re always looking for feedback on how we can make things better for customers, and this year we’re taking a close look at our security bulletin format.  So if you’re at RSA come by the Microsoft booth, look at our proposed mock up for changes to the online experience of the Microsoft Security Bulletins, fill out the survey and have a chance to spin the wheel! 

What’s that?  Don’t have an Xbox360?  Oh I should mention our main prize drawing for our booth if you get all the stamps is…you got it, an Xbox 360. 

We’ll have more blogging soon.


*This posting is provided “AS IS” with no warranties, and confers no rights.*