January 2008 Monthly Release

Happy New Year! I hope 2008 is off to a wonderful start for you! This is Tami Gallupe, MSRC Release Manager, and we’re starting off the year here in MSRC-land with the release of two bulletins and a security advisory.


The first bulletin, MS08-001, addresses a vulnerability in TCP(IP)/IGMP that could allow remote code execution. It has a maximum severity of Critical.  


The other bulletin, MS08-002, addresses a vulnerability in LSASS that could allow local elevation of privilege. It has a maximum severity of Important. 


We also released a security advisory (943411) for currently supported editions of the Windows Vista operating system. This update, to improve Windows Sidebar Protection, enables Windows Sidebar to block potentially vulnerable gadgets.


As we do every month, we also released an update for Microsoft Windows Malicious Software Removal Tool. You can access the tool and learn more about it at www.microsoft.com/malwareremove. 


And, here’s the news I am most excited to share this month! Today is our first bulletin release since we launched the new Security Vulnerability Research & Defense  blog. We have some excellent, in-depth technical information about today’s release. If you want to “get under the hood” and learn more about workarounds and other information about vulnerabilities serviced by MSRC security updates, this is the place to go.  The purpose of this new blog is to provide IT professionals with technical details and further insight on ways you can protect your organization from security vulnerabilities. Make sure to visit this new blog to learn more about today’s updates.


I also want to invite you to join us for tomorrow’s webcast. It starts at 11:00 AM PST, and we’ll be talking about today’s release and answering your questions on the air. Click here to register. We look forward to hearing from you tomorrow.





*This posting is provided “AS IS” with no warranties, and confers no rights.*