九月份資訊安全公告 Sep 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處
Questions last time When will XPSP3 release?When will XPSP3 release? Answer: SP3 for Windows XP Professional is currently planned for 2H This date is preliminary.Answer: SP3 for Windows XP Professional is currently planned for 2H This date is preliminary. Check the following: the following:
What We Will Cover Review Sep. releasesReview Sep. releases –Re-released bulletins –New security bulletins –High-priority non-security updates Other security resourcesOther security resources –Windows Malicious Software Removal Tool ResourcesResources Questions and answersQuestions and answers
Questions and Answers Submit text questions using the “Ask a Question” buttonSubmit text questions using the “Ask a Question” button
Sep 2006 Security Bulletins Summary 3 New Security Bulletins for September3 New Security Bulletins for September –1 new critical –1 new moderate –1 new important 2 Re-released Bulletins2 Re-released Bulletins –both critical 2 Security Advisories2 Security Advisories
Sep 2006 Security Bulletins Overview Bulletin Number Title Maximum Severity Rating Products Affected MS06-040v2Vulnerability in Server Service Could Allow Remote Code Execution (921883) CriticalAll currently supported versions of Windows MS06-042v3Cumulative Security Update for Internet Explorer (918899) CriticalInternet Explorer on all currently supported versions of Windows MS06-052Pragmatic General Multicast (PGM) (919007) ImportantWindows XP SP1/SP2 with MSMQ installed MS06-053Indexing Service (920685)ModerateAll currently supported versions of Windows MS06-054Office Publisher (910729)CriticalOffice 2000/2002/2003
MS06-040v2: Windows - Critical Title Vulnerability in Server Service Could Allow Remote Code Execution (KB ) The Problem: A remote code execution vulnerability is exposed in the Server service, which could allow an attacker to take complete control of the an unprotected system by sending an unauthenticated, specially crafted message to the Server service. Vulnerabilities: Server Service Vulnerability - CVE Affected Versions: All supported versions of Windows: Microsoft Windows 2000 Service Pack 4Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 EditionMicrosoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based SystemsMicrosoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 EditionMicrosoft Windows Server 2003 x64 Edition
MS06-040v2: Windows - Critical Title Vulnerability in Server Service Could Allow Remote Code Execution (KB ) Attack Vectors/Impact: Any unpatched system with the Server service’s listening port (TCP 139, 445) exposed to a potentially compromised network is susceptible to an unauthenticated attack.Any unpatched system with the Server service’s listening port (TCP 139, 445) exposed to a potentially compromised network is susceptible to an unauthenticated attack. Systems compromised by this vulnerability could be used to propagate a Blaster-style internet wormSystems compromised by this vulnerability could be used to propagate a Blaster-style internet worm The Fix: The update removes the vulnerability by modifying the way that Server service validates the length of a message it receives in RPC communications before it passes the message to the allocated buffer. Mitigations: Systems with the Server service disabled will not be exposed (NOTE: this is an extremely rare case in most enterprise environments) Workaround: Block TCP 139 and TCP 445 at perimeter and on hosts connected to untrusted networks
MS06-040v2: Windows - Critical Title Vulnerability in Server Service Could Allow Remote Code Execution (KB ) Detection and Deployment: Detectable via MBSA 1.2 *, MBSA 2.0, SMS 2.0 *, SMS 2003 Detectable via MBSA 1.2 *, MBSA 2.0, SMS 2.0 *, SMS 2003 Deployable via WU, MU, SUS *, WSUS, SMS 2.0*, SMS 2003 Deployable via WU, MU, SUS *, WSUS, SMS 2.0*, SMS 2003 * does not support x64 and ia64 versions of Windows * does not support x64 and ia64 versions of Windows Does this supersede any updates? NoNo Publicly Disclosed (?) This vulnerability was initially reported through responsible disclosure, but was later disclosed publiclyThis vulnerability was initially reported through responsible disclosure, but was later disclosed publicly MSRC was made aware of public exploitation prior to bulletin releaseMSRC was made aware of public exploitation prior to bulletin release Reboot and Uninstall Information: Installing the update requires a reboot of the systemInstalling the update requires a reboot of the system This update is uninstallableThis update is uninstallable
MS06-040v2: Windows - Critical Title Vulnerability in Server Service Could Allow Remote Code Execution (KB ) What is this reason for this re-release? Initial building of WS03 SP1 updates for MS required netapi32.dll be loaded at a different base address in memory due to increase in code sizeInitial building of WS03 SP1 updates for MS required netapi32.dll be loaded at a different base address in memory due to increase in code size Re-basing can cause applications that reserve large amounts of contiguous memory to fail.Re-basing can cause applications that reserve large amounts of contiguous memory to fail. Subsequent code changes allowed the base address for netapi32.dll to be changed back to its original location.Subsequent code changes allowed the base address for netapi32.dll to be changed back to its original location has been updated to include the original pre- MS base address that was included in hotfix has been updated to include the original pre- MS base address that was included in hotfix Other information: v2 will automatically upgrade systems requiring the new update (ie. uninstall of v1 is not required) v2 will automatically upgrade systems requiring the new update (ie. uninstall of v1 is not required) Only WS03 SP1 systems (and systems that use the WOW64 components from that OS) are affected:Only WS03 SP1 systems (and systems that use the WOW64 components from that OS) are affected: –WS03 SP1 (x86/x64/ia64) –WinXP x64 More Information: For more Information, please review the FAQ at: For more Information, please review the FAQ at:
Questions about MS06-040v2?
MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release The Problem: This update resolves several newly discovered, publicly and privately reported vulnerabilities. This update resolves several newly discovered, publicly and privately reported vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. New Vulnerabilities Long URL Buffer Overflow Vulnerability CVE Long URL Buffer Overflow Vulnerability CVE Long URL Buffer Overflow Vulnerability CVE Long URL Buffer Overflow Vulnerability CVE
MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release Affected Software Microsoft Windows 2000 Service Pack 4Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 EditionMicrosoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1 Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based SystemsMicrosoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 EditionMicrosoft Windows Server 2003 x64 Edition
MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release Who needs to install MS06-042v3? If v1 or v2 is NOT installed: All Affected Software (above) … If v1 or v2 is NOT installed: All Affected Software (above) … If v1 or v2 is installed, the following still need to install MS06-042: If v1 or v2 is installed, the following still need to install MS06-042: – IE 5.01 SP4 on Windows 2000 SP4 – IE 6 SP1 for Windows XP SP1 and Windows 2000 SP4 – IE 6 for Windows Server 2003 Who does NOT needs to install MS06-042v3? If v1 or v2 is installed, the following does NOT need to install MS06-042: If v1 or v2 is installed, the following does NOT need to install MS06-042: – IE 6 for Windows XP SP2 – IE 6 for Windows Server 2003 SP1
MS06-042v3: New Vulnerabilities Vulnerability Long URL Buffer Overflow Vulnerability - CVE Possible Attack Vectors Remote code Execution: From a malicious web site with a specially crafted Web page (via attachment or IM request etc) Impact of Attack Attackers could take complete control of an affected system The Fix: Modified the way IE handles long URLs when navigating to websites using the HTTP 1.1 protocol and compression. Vulnerability Long URL Buffer Overflow Vulnerability CVE Possible Attack Vectors Remote code Execution: From a malicious web site with a specially crafted Web page (via attachment or IM request etc) Impact of Attack Attackers could take complete control of an affected system The Fix: Modified the way IE handles long URLs when navigating to websites using the HTTP 1.1 protocol and compression.
MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release Mitigations Web based attacks require user to visit malicious webs Web based attacks require user to visit malicious webs Html is opened in restricted zone: OE6, OL2002, Html is opened in restricted zone: OE6, OL2002, OL2003, and OL2002 w/OL security update OL2003, and OL2002 w/OL security update LUA: Attackers who successfully exploited these vulns could gain LUA: Attackers who successfully exploited these vulns could gain the same user rights as the local user. the same user rights as the local user. IE on Windows Server 2003 – Enhanced Security Configuration IE on Windows Server 2003 – Enhanced Security Configuration Workaround (New) Disable the HTTP 1.1 protocol in Internet Explorer. (New) Disable the HTTP 1.1 protocol in Internet Explorer. Disable caching of your Web site’s content Disable caching of your Web site’s content Set Active Scripting to Disabled or Prompt in the Internet Zone Set Active Scripting to Disabled or Prompt in the Internet Zone Set Internet and Local intranet security zone settings to “High” Set Internet and Local intranet security zone settings to “High” Add Trusted sites to the trusted site zone Add Trusted sites to the trusted site zone Read in plain text format Read in plain text format Disable Com Object instantiation (set kill bit) Disable Com Object instantiation (set kill bit) Detection and Deployment Next Page… Next Page…
MS06-042v3: IE Cumulative (Critical) Title MS06-042v3 Cumulative Security Update for Internet Explorer (918899) Re- release Does this supersede any updates? MS06-021MS Other information: Is a Restart required? YESIs a Restart required? YES Is there an uninstall option? YESIs there an uninstall option? YES Are the new vulnerabilities publicly known?Are the new vulnerabilities publicly known? – CVE : Publicly Known: YESPublicly Known: YES Publicly Exploited: NOPublicly Exploited: NO – CVE : Publicly Known: NOPublicly Known: NO Publicly Exploited: NOPublicly Exploited: NO More Information: FAQ:FAQ:
Questions about MS06-042v3?
MS06-052: Pragmatic General Multicast (PGM) - Important Title Vulnerability in Pragmatic General Multicast (PGM) Could Result in Remote Code Execution KB The Problem This update resolves a newly discovered, privately reported, vulnerability which is documented in the "Vulnerability Details" section of this bulletin. An attacker who successfully exploited the vulnerability could take complete control of the affected system Vulnerabilities PGM Code Execution Vulnerability - CVE CVE Affected versions Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 Attack Vectors/Impact There is a remote code execution vulnerability that could allow an attacker to send a specially crafted multicast message to an affected system and execute code on the affected system.
MS06-052: Pragmatic General Multicast (PGM) - Important Title Vulnerability in Pragmatic General Multicast (PGM) Could Result in Remote Code Execution KB The Fix The update removes the vulnerability by modifying the way that the MSMQ Service validates a PGM message before it passes the message to the allocated buffer. Mitigations For customers who require the affected component, firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.For customers who require the affected component, firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. Pragmatic General Multicast (PGM) is only supported when Microsoft Message Queuing (MSMQ) 3.0 is installed. The MSMQ service is not installed by default.Pragmatic General Multicast (PGM) is only supported when Microsoft Message Queuing (MSMQ) 3.0 is installed. The MSMQ service is not installed by default. Workaround We have not identified any workarounds for this vulnerability.
MS06-052: Pragmatic General Multicast (PGM) - Important Title Vulnerability in Pragmatic General Multicast (PGM) Could Result in Remote Code Execution KB Does this supersede any updates? No Other information Was the vulnerability publicly known? No Was the vulnerability publicly known? No Are there any known exploits? No Are there any known exploits? No Is a Restart required? Yes Is a Restart required? Yes Is there an uninstall option? Yes Is there an uninstall option? Yes More Information For more Information, please review the FAQ at: For more Information, please review the FAQ at:
Questions on MS06-052?
MS06-053: Indexing Service - Moderate Title Vulnerability in Indexing Service Could Allow Cross-Site Scripting (KB920685) The Problem There is an information disclosure vulnerability in Indexing Service because of the way that it handles query validation, creating the possibility of cross-site scripting.There is an information disclosure vulnerability in Indexing Service because of the way that it handles query validation, creating the possibility of cross-site scripting. The vulnerability could allow an attacker to run client-side script on behalf of a user. The script could spoof content, disclose information, or take any action that the user could take on the affected web siteThe vulnerability could allow an attacker to run client-side script on behalf of a user. The script could spoof content, disclose information, or take any action that the user could take on the affected web site Vulnerabilities Microsoft Indexing Service Vulnerability - CVE CVE Affected versions Microsoft Windows 2000 Service Pack 4Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 EditionMicrosoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based SystemsMicrosoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 EditionMicrosoft Windows Server 2003 x64 Edition
MS06-053: Indexing Service - Moderate Title Vulnerability in Indexing Service Could Allow Cross-Site Scripting KB Attack Vectors /Impact: A user would have to be enticed to click on a URL which goes to a malicious web site which hosts the exploit. The Fix: The update removes the vulnerability by modifying the way that Indexing Service validates the length of a message before it passes the message to the allocated buffer. Mitigations: By default, Internet Information Services 6.0 is not enabled on Windows ServerBy default, Internet Information Services 6.0 is not enabled on Windows Server On Windows Server 2003, if the Internet Information Services (IIS) has been enabled, the Indexing Service is not enabled by default.On Windows Server 2003, if the Internet Information Services (IIS) has been enabled, the Indexing Service is not enabled by default. When Indexing Service is installed, web-based query pages must be created or installed manually that will allow IIS to receive queries from anonymous users and pass those queries to the Indexing Service.When Indexing Service is installed, web-based query pages must be created or installed manually that will allow IIS to receive queries from anonymous users and pass those queries to the Indexing Service. (Continued on the next slide)(Continued on the next slide)
MS06-053: Indexing Service - Moderate Title Vulnerability in Indexing Service Could Allow Cross-Site Scripting KB Mitigations (Continued): The attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an message or instant messenger message that takes users to the attacker's Web site.The attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an message or instant messenger message that takes users to the attacker's Web site. Firewall best practices and standard default firewall configurations (E.g. systems that connected to the Internet have a minimal number of ports) can help protect networks from attacks that originate outside the enterprise perimeter.Firewall best practices and standard default firewall configurations (E.g. systems that connected to the Internet have a minimal number of ports) can help protect networks from attacks that originate outside the enterprise perimeter. Workarounds: Firewall best practices and standard default firewall configurations (E.g. systems that connected to the Internet have a minimal number of ports) can help protect networks from attacks that originate outside the enterprise perimeter. Block at the firewall: UDP ports 137 and 138 and TCP ports 139 and 44.Firewall best practices and standard default firewall configurations (E.g. systems that connected to the Internet have a minimal number of ports) can help protect networks from attacks that originate outside the enterprise perimeter. Block at the firewall: UDP ports 137 and 138 and TCP ports 139 and 44. To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall, enable advanced TCP/IP filtering on systems that support this feature, block the affected ports by using IPSec on the affected systems.To help protect from network-based attempts to exploit this vulnerability, use a personal firewall, such as the Internet Connection Firewall, enable advanced TCP/IP filtering on systems that support this feature, block the affected ports by using IPSec on the affected systems.Internet Connection FirewallInternet Connection Firewall Remove the Indexing ServiceRemove the Indexing Service
MS06-053: Indexing Service - Moderate Title Vulnerability in Indexing Service Could Allow Cross-Site Scripting KB Does this supersede any updates? No Other information Was the vulnerability publicly known? No Was the vulnerability publicly known? No Are there any known exploits? No Are there any known exploits? No Is a Restart required? No Is a Restart required? No Is there an uninstall option? Yes Is there an uninstall option? Yes More Information For more Information, please review the FAQ at: For more Information, please review the FAQ at:
Questions about MS06-053?
MS06-054: Office - Critical Title Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) The Problem A remote code execution vulnerability exists in Publisher, and could be exploited when a malformed string included in a Publisher file is parsed. An attacker could exploit the vulnerability by constructing a specially crafted Publisher file that could allow remote code execution. Vulnerabilities Microsoft Publisher Vulnerability - CVE Affected versions Office Publisher 2000 Office Publisher 2002 Office Publisher 2003 Attack Vectors/Impact For an attack to be successful a user must open an attachment that is sent in an message or visit a Web site that contains a Web page that is used to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. The Fix The update removes the vulnerability by modifying the way that Publisher parses the file and validates the length of a string before passing it to the allocated buffer.
MS06-054: Office - Critical Title Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) Mitigations Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. an attacker would have to persuade users to visit the Web sitean attacker would have to persuade users to visit the Web site The vulnerability cannot be exploited automatically through The vulnerability cannot be exploited automatically through For Office 2000, you may install the Office Document Open Confirmation Tool for Office 2000 and you will then be prompted with Open, Save, or Cancel before opening a document. Office 2002 and 2003 include this feature by default.For Office 2000, you may install the Office Document Open Confirmation Tool for Office 2000 and you will then be prompted with Open, Save, or Cancel before opening a document. Office 2002 and 2003 include this feature by default.Office Document Open Confirmation ToolOffice Document Open Confirmation Tool Workaround Do not open or save Publisher files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources Do not open or save Publisher files that you receive from un-trusted sources or that you receive unexpectedly from trusted sources Detection and Deployment Software MBSA MBSA 2.0 SMS 2.0 SMS 2003 Microsoft Publisher 2000 Yes No Yes Yes Microsoft Publisher 2002 Yes Yes Yes Yes Microsoft Publisher 2003 Yes Yes Yes Yes
MS06-054: Office - Critical Title Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) Does this supersede any updates? NoneNone Other information Was the vulnerability publicly known? NO Was the vulnerability publicly known? NO Are there any known exploits? NO Are there any known exploits? NO Is a Restart required? YES, this update changes shared Office dll files in addition to Publisher files. Although the security vulnerability only exists in Publisher a reboot is required to complete the installation of all files in the update. Is a Restart required? YES, this update changes shared Office dll files in addition to Publisher files. Although the security vulnerability only exists in Publisher a reboot is required to complete the installation of all files in the update. Is there an uninstall option? NO Is there an uninstall option? NO More Information For more Information, please review the FAQ at: For more Information, please review the FAQ at:
Questions about MS06-054?
Security Advisory (1 of 2) Security Advisory Minifilter can block AU and WSUS Non-security updateNon-security update This update addresses an error that could result when using a minifilter-based application on a system.This update addresses an error that could result when using a minifilter-based application on a system. Specific Error Code: 0x Specific Error Code: 0x This error code could occur when updating any of the following Microsoft tools:This error code could occur when updating any of the following Microsoft tools: –Automatic Updates –WU Web site –MU Web site –Inventory Tool for Microsoft Updates (ITMU) for Microsoft Systems Management Server (SMS) 2003 –SUS –WSUS Windows Server 2003 R2 is the only version of Windows that ships with a minifilter-based application, but it is not installed by default.Windows Server 2003 R2 is the only version of Windows that ships with a minifilter-based application, but it is not installed by default. ISVs are building new applications using the minifilter technology; this error could affect any systems in the future.ISVs are building new applications using the minifilter technology; this error could affect any systems in the future. Customers should evaluate and deploy the update.Customers should evaluate and deploy the update. More information: information:
Security Advisory (2 of 2) Security Advisory – Adobe Security Bulletin: APSB06-11 Flash Player Update to Address Security Vulnerabilities Recent security vulnerabilities in Macromedia Flash Player from Adobe redistributed with Microsoft Windows XP SP1 & SP2.Recent security vulnerabilities in Macromedia Flash Player from Adobe redistributed with Microsoft Windows XP SP1 & SP2. The Microsoft Security Response Center is in communication with Adobe.The Microsoft Security Response Center is in communication with Adobe. Adobe has made updates available on their Web site.Adobe has made updates available on their Web site. Customers who use Flash Player should follow the Adobe guidance.Customers who use Flash Player should follow the Adobe guidance. For more information please see Adobe Security Bulletin located at: more information please see Adobe Security Bulletin located at: KB925143:
Sep 2006 Non-Security Updates NUMBERTITLEDistribution Update for Windows MU, WU Update for Windows XP MU, WU Update for Outlook 2003 Junk Filter MU
Detection and Deployment SUSMUWSUSMBSA2MBSAESTCSASMS MS Server Service ●●●● MS IE Cumulative ●●●●● MS PGM ●●●● MS Index Server ●●●● MS Publisher ●*●*●*●*●● MU does not support detection for vulnerable Office 2000 productsMU does not support detection for vulnerable Office 2000 products For Office 2000, use SMS/WSUS/MBSA1.2/OfficeUpdateToolFor Office 2000, use SMS/WSUS/MBSA1.2/OfficeUpdateTool
Other Update Information BulletinRestartUninstallReplaces On products MS06-040v2RequiredYesNone All products MS06-042v3RequiredYesMS All products MS06-052RequiredYesNone Windows XP SP1/XP2 MS06-053NoYesNone All products MS06-054RequiredNoNone Office Publisher 2000/2002/2003
Windows Malicious Software Removal Tool Twenty-first monthly incremental update.Twenty-first monthly incremental update. The September update adds the ability to remove:The September update adds the ability to remove: –Win32/Bancos –Win32/Haxdoor –Win32/Sinteri Available as priority update through Windows Update or Microsoft Update for Windows XP usersAvailable as priority update through Windows Update or Microsoft Update for Windows XP users –Offered through WSUS; not offered through SUS 1.0 Also as an ActiveX control or download at as an ActiveX control or download at
Lifecycle Support Information End of public security support for Windows XP SP 1End of public security support for Windows XP SP 1 –10 October 2006 Support EOL for Software Update Services (SUS) 1.0Support EOL for Software Update Services (SUS) 1.0 –6 December ervices/evaluation/previous/default.mspxwww.microsoft.com/windowsserversystem/updates ervices/evaluation/previous/default.mspxwww.microsoft.com/windowsserversystem/updates ervices/evaluation/previous/default.mspxwww.microsoft.com/windowsserversystem/updates ervices/evaluation/previous/default.mspx –Public security support for Windows 98, 98 SE, and Millennium Edition HAS ENDED as of 11 July See for more informationSee for more informationwww.microsoft.com/lifecycle
Resources September Security Bulletin Webcast (US) en-USSeptember Security Bulletin Webcast (US) en-US en-US en-US Security Bulletins Summary Bulletins Summary Security Bulletins Search Bulletins Search Security Advisories Advisories MSRC Blog Blog Notifications TechNet Radio Radio SearchSecurity Column Column IT Pro Security Newsletter Pro Security Newsletter TechNet Security Center Security Center
Questions and Answers Submit text questions using the “Ask a Question” buttonSubmit text questions using the “Ask a Question” button Don’t forget to fill out the surveyDon’t forget to fill out the survey For upcoming and previously recorded webcasts: t/default.aspxFor upcoming and previously recorded webcasts: t/default.aspx t/default.aspx t/default.aspx Got webcast content ideas? us at: webcast content ideas? us at: