Friday update on Microsoft Security Advisory 935964

Hello everyone,


This is Christopher Budd. We’ve not seen any new developments in the DNS situation but I wanted to go ahead and take a minute to recap the current situation so everyone is up-to-date.


Also, I wanted to call out some information for your deployment planning to help expedite the deployment of the security update for this issue when we release it.


Recap of Current Situation


With the ongoing development and testing work from our teams on the issue, we are increasingly confident that we will have an update of appropriate quality for broad distribution in time for the May 8, 2007 monthly bulletin release. This will enable us and our customers to release and deploy the update as part of the regular monthly update process. However, as I’ve mentioned before, because testing is ongoing and we are constantly evaluating the situation, this could change. If it does, we will let you know through this weblog.


Also, our ongoing monitoring and work with our Microsoft Security Response Alliance (MSRA) partners shows no new malicious software attempting to exploit this vulnerability, and the information we posted about malicious software attempting to exploit this vulnerability last Thursday remains current. Also, just like we noted on Sunday, indications are that attacks are still not widespread.


Most importantly, we know from our Customer Service and Support organization that customers are following our guidance and protecting themselves by deploying the workarounds in our security advisory. We continue to encourage customers to protect themselves by deploying the workarounds and ensuring their security products are up-to-date while we continue our ongoing work on the security update.


Information for your deployment


As this is an update for Windows, this update will be supported by the usual detection and deployment tools for security updates for Windows.


That said, I wanted to call attention to some things that you might want to consider when thinking about the deployment of the update when it’s released. Most of this is recapping information we’ve mentioned at other points in time, but I wanted to reiterate it now. Hopefully this can help you to address any issues that could slow your deployment in advance of the update’s release.


First, since support for the legacy WSUSSCAN.CAB expired in March 2007, you need to ensure that your detection and deployment tools now support the new WSUSSCN2.CAB file. There will be no support for the security update for this issue in the old WSUSSCAN.CAB architecture.


If you use MBSA 2.0 in offline-scan mode, you will need to use MBSA 2.0.1. If you use the SMS 2003 Inventory Tool for Microsoft Updates (ITMU), you need to ensure you’re using version 3 of that tool.


Next, a reminder that as part of our standard Microsoft Support Lifecycle, support for Windows Server 2003 Service Pack 0 (RTM) expired on April 10, 2007 with the April monthly bulletin release. Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are the currently supported versions. You can get more information on the Microsoft Support Lifecycle dates for your planning at:


I also wanted to remind you that when the security update is released it will NOT undo any of the workarounds that you may have applied. You should include a plan to undo the workarounds you implemented during your deployment. We have information on how to undo the registry key workaround in our security advisory.


Finally, at this time, we believe that this security update will require a reboot. That information may change, but I wanted to include it now as I know that is important for your planning.


We’ll continue working on this issue and are monitoring the situation constantly until we release the update. And, as we have new information, we will let you know through our security advisory and this weblog.





*This posting is provided “AS IS” with no warranties, and confers no rights.*