Microsoft Security Bulletin Advance Notification

USMCRET6391 · 01-05-2006, 02:24 PM

Updated: January 5, 2005
Security Bulletin Advance Notification

Important Information for Thursday 5 January 2006

Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.

Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release.

In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and with up-to-date signatures form anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

Enterprise customers who are using Windows Server Update Services will receive the update automatically. In additional the update is supported Microsoft Baseline Security Analyzer 2.0, Systems Management Server, and Software Update Services. Enterprise customers can also manually download the update from the Download Center.

Microsoft will hold a special Web cast on Friday, January 6, 2006, to provide technical details on the MS06-001 and to answer questions. Registration details will be available at http://www.microsoft.com/technet/security/default.mspx.

Microsoft will also be releasing additional security updates on Tuesday, January 10, 2006 as part of its regularly scheduled release of security updates.

What is this alert?

As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.

In addition, to help customers prioritize monthly security updates with any non-security updates released on Microsoft Update, Windows Update, Windows Server Update Services and Software Update Services on the same day as the monthly security bulletins, we also provide:
•

Information about the release of updated versions of the Microsoft Windows Malicious Software Removal Tool.
•

Information about the release of NON-SECURITY, High Priority updates on Microsoft Update (MU), Windows Update (WU), Windows Server Update Services (WSUS) and Software Update Services (SUS). Note that this information will pertain ONLY to updates on Windows Update and only about High Priority, non-security updates being released on the same day as security updates. Information will NOT be provided about Non-security updates released on other days.

On 10 January 2006 Microsoft is planning to release:

Security Updates
•

1 Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).
•

1 Microsoft Security Bulletin affecting Microsoft Exchange and Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

Microsoft Windows Malicious Software Removal Tool
•

Microsoft is planning to release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS
•

Microsoft is planning to release 1 NON-SECURITY High-Priority Update on Windows Update (WU) and Software Update Services (SUS).
•

Microsoft is planning release 3 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.

Microsoft will host a webcast next week to address customer questions on these bulletins. For more information on this webcast please see below:
•

TechNet Webcast: Information About Microsoft January Security Bulletins (Level 200)
•

Wednesday, January 11, 2006 11:00 AM (GMT-08:00) Pacific Time (US & Canada)
•

http://msevents.microsoft.com/CUI/We...CountryCode=US

At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until 10 Janurary 2006.

Grimmy · 01-05-2006, 02:31 PM

Good lookin out Top. Thanks

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

New To The Site?	Need Information?
Introduce yourself in Roll Call Enjoy the benefits of Membership Review rules on the site Help add facts and information to our Military Wiki Create your own Blog!	Help add Military Facts and Research to the site Get access to the Private Clubs

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)