Further Insight into Security Advisory 979352 and the Threat Landscape

Hi All,

We wanted to provide you with some insight into the vulnerability reported in Microsoft Security Advisory 979352, which is related to our ongoing investigation into the recently publicized attacks against Google and other large corporate networks. We understand that there is a lot of noise about this topic right now, and we know that our customers are receiving a lot of information about this situation from a variety of sources, so we want to provide some additional insight.

First, we will provide an update on the threat landscape – there has been a lot of speculation, so we’ll share detailed information on what Microsoft is seeing in terms of attacks across all of our monitoring systems. Second, we’ll highlight what customers should do to protect themselves. Finally, I will provide an update on the continuing work at Microsoft to respond to this situation and help protect our customers.

In terms of the threat landscape, we are seeing only a very limited number of targeted attacks against a small subset of corporations. The attacks that we have seen to date, including public proof-of-concept exploit code, are only effective against Internet Explorer 6. Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time. This is likely due to improved security protections provided by newer versions of Internet Explorer and Windows as described in our recent Security Research and Defense Blog. In summary, we are not seeing any widespread attacks by any means, and thus far we are not seeing attacks focused on consumers.

That said, we remain vigilant about this threat evolving and want to be sure our customers take appropriate action to protect themselves. That is why we continue to recommend that customers using IE6 or IE7 upgrade to IE8 as soon as possible to benefit from the improved security protections it offers. Customers who are using Windows XP SP2 should be sure to both upgrade to IE8 and enable Data Execution Protection (DEP), or upgrade to Windows XP SP3, which enables DEP by default, as soon as possible. Additionally, customers should consider implementing the workarounds and mitigations provided in the Security Advisory.

Additionally, even though we are only seeing limited targeted attacks today, we know that can change at any time. That is why, through our Software Security Incident Response Plan (SSIRP), we actively monitor the threat landscape through our broad telemetry systems, including the Microsoft Malware Protection Center (MMPC), our Customer Service and Support group, and through our partners in the Microsoft Active Protection Program (MAPP) and the Microsoft Security Response Alliance (MSRA).

We want to assure you that we have teams working around the clock worldwide to develop a security update of appropriate quality for broad distribution to address this vulnerability.

We will continue to monitor this situation. Should we see any change in the threat landscape, we will update you as soon as possible, or otherwise provide you with daily updates here at the MSRC blog.

Thank you,

George Stathakopoulos
General Manager
Trustworthy Computing Security

*This posting is provided "AS IS" with no warranties, and confers no rights*