Update on Microsoft Security Advisory 935964

Hello everyone,

This is Christopher Budd. I wanted to give you the latest information from our monitoring of the new attack we mentioned yesterday. I also wanted to address questions we’ve gotten from customers about when we think we’ll have updates ready to address this issue.

We have been monitoring the situation overnight and working with our Microsoft Security Response Alliance (MSRA) partners, and attacks are still not widespread.

As part of our Software Security Incident Response Process (SSIRP), we’ve taken some additional steps overnight to help protect customers. First, we have worked to help provide information to our MSRA partners so their products can provide additional protections to customers. We’ve updated our Windows Live Safety Scanner and Windows Live OneCare with protections for customers. We have also been working with our partners in the Global Infrastructure Alliance for Internet Safety (GIAIS) program to take steps to help keep attacks from spreading.

While we don’t have a firm estimate on when we’ll complete our development and testing of updates for this issue, we have teams around the world working on it twenty-four hours a day, and hope to have updates no later than May 8, 2007 for the May monthly bulletin release. However, this is a developing situation and we are constantly evaluating the situation and the status of our development and testing of updates.

For this issue, our teams are working on developing and testing 133 separate updates: one in every language for every currently supported version of Windows servers. Each of these has to be tested to ensure it effectively protects against the vulnerability. Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don’t pose a greater risk than the security issue we’re addressing.

We again encourage customers to deploy the workarounds discussed in the security advisory. These are effective against the attacks we’ve seen so far. Additionally, we want to urge customers specifically to evaluate the registry key workaround and ensure they’re using the latest signatures for their security protection product.

We are continuing to monitor the situation closely. As we have been doing, we’ll make updates as we have new information through our security advisory and through the MSRC weblog.



*This posting is provided “AS IS” with no warranties, and confers no rights.*