Dial In Number 1-877-593-2001 Pin: 3959 Information About Microsoft November 2012 Security Bulletins Jeremy Tinder Security Program Manager Microsoft Corporation.

Slides:



Advertisements
Similar presentations
Dial In Number Pin: 3959 Information About Microsoft September 21, 2012 Security Bulletin Jeremy Tinder Security Program Manager Microsoft.
Advertisements

Services Course Windows Live SkyDrive Participant Guide.
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
Dial In Number Pin: 9049 Information About Microsoft April 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Chapter 7 HARDENING SERVERS.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Information for Developers Windows XP Service Pack 2 Information for Developers.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Computer Security and Penetration Testing
Monthly Security Bulletin Briefing
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Dial In Number Pin: 3879 Information About Microsoft May 2012 Security Bulletins Dustin Childs Sr. Security Program Manager Microsoft Corporation.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Dial In Number Pin: 3750 Information About Microsoft August 2011 Security Bulletins Jonathan Ness Security Development Manager, MSRC Microsoft.
Dial In Number PIN: 1056 Information About Microsoft December 2011 Security Bulletins Jonathan Ness Security Development Manager Microsoft.
To receive our video stream in Live Meeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.
2851A_C01. Microsoft Windows XP Service Pack 2 Security Technologies Bruce Cowper IT Pro Advisor Microsoft Canada.
Microsoft October 2004 Security Bulletins Briefing for Senior IT Managers updated October 20, 2004 Marcus H. Sachs, P.E. The SANS Institute October 12,
Microsoft ® Official Course Module 9 Configuring Applications.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.
Dial In Number Pin: 3959 Information About Microsoft December 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Information for Developers Windows XP Service Pack 2 Information for Developers Tony Goodhew Product manager Developer Division Microsoft Corp
2 New Security Bulletins and AdvisoriesNew Security Bulletins and Advisories –1 New Security Advisory –1 New Critical Bulletin –1 New Moderate Bulletin.
Module 4: Add Client Computers and Devices to the Network.
Dial In Number Pin: 3959 Information About Microsoft August 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Dial In Number Pin: 3959 Information About Microsoft’s January 2013 Out-of-Band Security Bulletin Jonathan Ness Security Development Manager.
Dial In Number Pin: 5639 Information About Microsoft January 2012 Security Bulletins Dustin Childs Sr. Security Program Manager, MSRC Microsoft.
Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.
Dial In Number Pin: 5453 Information About Microsoft June 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft Corporation.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
1 © 2004, Cisco Systems, Inc. All rights reserved. CISCO CONFIDENTIAL Using Internet Explorer 7.0 to Access Cisco Unity 5.0(1) Web Interfaces Unity 5.0(1)
Dial In Number Pin: 3959 Information About Microsoft January 2013 Security Bulletins Andrew Gross Senior Security Program Manager Microsoft.
C HAPTER 2 Introduction to Windows XP Professional.
二月份資訊安全公告 Feb 16, 2007 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Dial In Number Pin: 0336 Information About Microsoft February 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
FIREWALL. The member in group 1. Bhummikorn M.2/5 No.5 2.Borwornrat Khrongsiriwat M.2/5 No.6 3. Panaphon sangobsakun M.2/5 No.20 4.Kalint Muangsornkeaw.
十二月份資訊安全公告 Dec 14, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處.
Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處 五月份資訊安全公告 May 10, 2007.
一月份資訊安全公告 Jan 15, 2007 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處.
Information About Microsoft Out-of-Band Security Bulletins.
Internet Explorer 7 Updated Advice for the NHS 04 February 2008 Version 1.3.
Active X and Signed Applets Chad Bollard. Overview ActiveX  Security Features  Hidden Problems Signed Applets  Security Features  Security Problems.
Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008.
CACI Proprietary Information | Date 1 PD² SR13 Client Upgrade Name: Semarria Rosemond Title: Systems Analyst, Lead Date: December 8, 2011.
CACI Proprietary Information | Date 1 PD² v4.2 Increment 2 SR13 and FPDS Engine v3.5 Database Upgrade Name: Semarria Rosemond Title: Systems Analyst, Lead.
NETWORK SECURITY LAB 1170 REHAB ALFALLAJ CT1406. Introduction There are a number of technologies that exist for the sole purpose of ensuring that the.
Windows Vista Configuration MCTS : Internet Explorer 7.0.
Information About Microsoft’s August 2004 Security Bulletins August 13, 2004 Feliciano Intini, CISSP, MCSE Security Advisor Premier Security Center Microsoft.
十月份資訊安全公告 Oct 12, 2006 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處.
Chapter 7: Using Windows Servers
TMG Client Protection 6NPS – Session 7.
Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.
Configuring Internet-related services
Severity and Exploitability Index
Designing IIS Security (IIS – Internet Information Service)
Using Software Restriction Policies
Presentation transcript:

Dial In Number Pin: 3959 Information About Microsoft November 2012 Security Bulletins Jeremy Tinder Security Program Manager Microsoft Corporation Dustin Childs Group Manager, Response Communications Microsoft Corporation

Dial In Number Pin: 3959 Live Video Stream To receive our video stream in LiveMeeting:To receive our video stream in LiveMeeting: –Click on Voice & Video –Click the drop down next to the camera icon –Select Show Main Video

Dial In Number Pin: 3959 What We Will Cover Review of November 2012 Bulletin Release InformationReview of November 2012 Bulletin Release Information –Six security bulletins –One updated security Advisory –Two security bulletin re-releases –Microsoft ® Windows ® Malicious Software Removal Tool ResourcesResources Questions and Answers: Please Submit NowQuestions and Answers: Please Submit Now –Submit Questions via Twitter #MSFTSecWebcast

Dial In Number Pin: 3959 Severity and Exploitability Index Exploitability Index 1 RISK 2 3 DP Severity Critical IMPACT Important Moderate Low MS12-071MS12-072MS12-073MS12-074MS12-075MS Internet Explorer Kernel- Mode Drivers Excel IIS Windows Shell.NET Framework

Dial In Number Pin: 3959 Bulletin Deployment Priority

Dial In Number Pin: 3959 MS12-071: Cumulative Security Update for Internet Explorer ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE CriticalNA1 Remote Code Execution Cooperatively Disclosed CVE CriticalNA1 Remote Code Execution Cooperatively Disclosed CVE CriticalNA1 Remote Code Execution Cooperatively Disclosed Affected Products Internet Explorer 9 on 32-bit and 64-bit versions of Vista and Windows 7 Internet Explorer 9 on 32-bit and 64-bit versions of Windows Server 2008 and 2008 R2 Affected Components Internet Explorer Deployment Priority 1 Main Target Workstations Possible Attack Vectors An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. An attacker could embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine.An attacker could embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could take advantage of compromised websites and websites that accept or host user- provided content or advertisements.The attacker could take advantage of compromised websites and websites that accept or host user- provided content or advertisements. Impact of Attack An attacker could gain the same user rights as the current user.An attacker could gain the same user rights as the current user. Mitigating Factors By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zoneBy default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML messages in the Restricted sites zone An attacker can not force users to view the attacker-controlled content.An attacker can not force users to view the attacker-controlled content. Additional Information Installations using Server Core are not affected.Installations using Server Core are not affected.

Dial In Number Pin: 3959 MS12-072: Vulnerabilities in Windows Shell Could Allow Remote Code Execution ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE Critical11 Remote Code Execution Cooperatively Disclosed CVE Critical11 Remote Code Execution Cooperatively Disclosed Affected Products all supported editions of XP, Windows Server 2003, Vista, Windows Server 2008 (except for Itanium- based), Windows 7, Windows Server 2008 R2 (except for Itanium-based), Windows 8 (except for Windows RT), and Windows Server Affected Components Windows Shell Deployment Priority 2 Main Target Workstations Possible Attack Vector An attacker could host a specially crafted briefcase on a network share, and convince the user to navigate to the location using Windows Explorer.An attacker could host a specially crafted briefcase on a network share, and convince the user to navigate to the location using Windows Explorer. Impact of Attack An attacker who successfully exploited this vulnerability could run arbitrary code as the current userAn attacker who successfully exploited this vulnerability could run arbitrary code as the current user Mitigating Factors The vulnerability cannot be exploited automatically through .The vulnerability cannot be exploited automatically through . Additional Information Installations using Server Core are not affected.Installations using Server Core are not affected.

Dial In Number Pin: 3959 MS12-073: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE ModerateNANA Information Disclosure Publicly Disclosed CVE ModerateNANA Information Disclosure Cooperatively Disclosed Affected Products Microsoft FTP Service 7.0, and 7.5 for IIS 7.0 on Vista and Windows Server 2008, FTP 7.5 for IIS 7.5 on Windows 7, Windows Server 2008 R2, and Internet Information Services 7.5 on Windows 7 and Windows Server 2008 R2 Affected Components IIS permissions management Deployment Priority 3 Main Target Servers running affected versions of Microsoft Internet Information Services (IIS) Possible Attack Vector To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then view the unprotected log file. (CVE )To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then view the unprotected log file. (CVE ) An attacker could exploit this vulnerability by sending a specially crafted FTP command to the FTP server. (CVE )An attacker could exploit this vulnerability by sending a specially crafted FTP command to the FTP server. (CVE ) Impact of Attack An attacker who successfully exploited this vulnerability could execute a limited set of FTP commands, prior to the session switching to Transport Layer Security (TLS). (CVE )An attacker who successfully exploited this vulnerability could execute a limited set of FTP commands, prior to the session switching to Transport Layer Security (TLS). (CVE ) An attacker could discover the username and/or password of configured accounts. (CVE )An attacker could discover the username and/or password of configured accounts. (CVE ) Mitigating Factors An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (CVE )An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (CVE ) The Operational log for IIS is not enabled by default. (CVE )The Operational log for IIS is not enabled by default. (CVE ) Additional Information Installations using Server Core are affected.Installations using Server Core are affected.

Dial In Number Pin: 3959 MS12-074: Vulnerabilities in.NET Framework Could Allow Remote Code Execution ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions ImportantNA1 Elevation of Privilege Cooperatively Disclosed ImportantNA3 Information Disclosure Cooperatively Disclosed ImportantNA1 Elevation of Privilege Cooperatively Disclosed Critical11 Remote Code Execution Cooperatively Disclosed Important11 Elevation of Privilege Cooperatively Disclosed Affected Products All supported versions of.NET Framework 2.0, 3.5, 3.5.1, 4, 4.5 on all supported versions of Windows Client and Server except for Windows 8, RT, and Windows Server 2012 All supported versions of.NET Framework 1.0, 1.1,.NET Framework 4.0 and 4.5 on Windows 8 and RT and Windows Server 2012 Affected Components.NET Framework Deployment Priority 2 Main Target Workstations Possible Attack Vector Web Browsing: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the websiteWeb Browsing: An attacker could host a specially crafted website that contains a specially crafted XBAP (XAML browser application) that could exploit this vulnerability and then convince a user to view the website.NET Application: An attacker could host a file with a specially crafted filename on a network share, a UNC, or WebDAV location and then convince the user to browse to the file. (CVE , CVE , CVE ).NET Application: An attacker could host a file with a specially crafted filename on a network share, a UNC, or WebDAV location and then convince the user to browse to the file. (CVE , CVE , CVE ) An attacker could convince a user to open a legitimate.NET application built with ADO.NET that is located in the same network directory as a specially crafted dynamic link library (DLL) file. (CVE )An attacker could convince a user to open a legitimate.NET application built with ADO.NET that is located in the same network directory as a specially crafted dynamic link library (DLL) file. (CVE ) In a man-in-the-middle attack, an attacker can spoof the contents or the location of a proxy auto configuration (PAC) file and then inject code into the currently running application, bypassing the Code Access Security (CAS) restrictions. (CVE )In a man-in-the-middle attack, an attacker can spoof the contents or the location of a proxy auto configuration (PAC) file and then inject code into the currently running application, bypassing the Code Access Security (CAS) restrictions. (CVE ) Impact of Attack An attacker could take complete control of the affected system.An attacker could take complete control of the affected system. Mitigating Factors By default, IE 9 and IE 10 prevent XAML, which is used by XBAPs, from running in the Internet Zone.By default, IE 9 and IE 10 prevent XAML, which is used by XBAPs, from running in the Internet Zone. By default, IE 6, IE 7, and Internet Explorer 8 are configured to prompt the user before running XAML, which is used by XBAPs in the Internet Zone.By default, IE 6, IE 7, and Internet Explorer 8 are configured to prompt the user before running XAML, which is used by XBAPs in the Internet Zone. Additional Information This update is related to Microsoft Security Advisory

Dial In Number Pin: 3959 MS12-075: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE ImportantNA1 Elevation of Privilege Cooperatively Disclosed CVE ImportantNA1 Elevation of Privilege Cooperatively Disclosed CVE Critical22 Remote Code Execution Cooperatively Disclosed Affected Products All supported versions of Windows Client and Windows Server Affected Components Kernel-Mode Drivers Deployment Priority 1 Main Target Workstations Possible Attack Vector To exploit this vulnerability, an attacker would first have to log on to the system and then run a specially crafted application that could exploit the vulnerability. (CVE , CVE )To exploit this vulnerability, an attacker would first have to log on to the system and then run a specially crafted application that could exploit the vulnerability. (CVE , CVE ) Web based: an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. (CVE )Web based: an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. (CVE ) File Sharing: an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. (CVE )File Sharing: an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. (CVE ) Impact of Attack An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. (CVE , CVE )An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. (CVE , CVE ) No mitigations identified for CVE No mitigations identified for CVE Mitigating Factors An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (CVE , CVE )An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. (CVE , CVE ) Additional Information Installations using Server Core are affected.Installations using Server Core are affected.

Dial In Number Pin: 3959 MS12-076: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution ( ) CVESeverity Exploitability CommentNote Latest Software Older Versions CVE ImportantNA1 Remote Code Execution Cooperatively Disclosed CVE ImportantNA1 Remote Code Execution Cooperatively Disclosed CVE ImportantNA1 Remote Code Execution Cooperatively Disclosed CVE ImportantNA1 Remote Code Execution Cooperatively Disclosed Affected Products All supported versions of Excel 2003, 2007, 2010, Office 2008 for Mac, Office for Mac 2011, Excel Viewer, Office Compatibility Pack Affected Components Excel Deployment Priority 2 Main Target Workstations Possible Attack Vector an attacker could exploit the vulnerability by sending a specially crafted Excel file to the user and by convincing the user to open the file. an attacker could exploit the vulnerability by sending a specially crafted Excel file to the user and by convincing the user to open the file. Web based: an attacker would have to host a website that contains a specially crafted Excel file that is used to attempt to exploit this vulnerability.Web based: an attacker would have to host a website that contains a specially crafted Excel file that is used to attempt to exploit this vulnerability. Impact of Attack An attacker who successfully exploited this vulnerability could run arbitrary code as the current user.An attacker who successfully exploited this vulnerability could run arbitrary code as the current user. Mitigating Factors The vulnerability cannot be exploited automatically through .The vulnerability cannot be exploited automatically through . an attacker would have no way to force users to visit these websitesan attacker would have no way to force users to visit these websites Additional Information For Microsoft Excel 2007, in addition to security update package KB , customers also need to install the security update for the Microsoft Office Compatibility Pack (KB ) to be protected from the vulnerabilities described in this bulletin.For Microsoft Excel 2007, in addition to security update package KB , customers also need to install the security update for the Microsoft Office Compatibility Pack (KB ) to be protected from the vulnerabilities described in this bulletin.

Dial In Number Pin: 3959 Microsoft Security Advisory ( ): Compatibility Issues Affecting Signed Microsoft BinariesMicrosoft Security Advisory ( ): Compatibility Issues Affecting Signed Microsoft Binaries –Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core components and software binaries. –As a pre-emptive action to assist customers, Microsoft is providing a non-security update for supported releases of Microsoft Windows. This update helps to ensure compatibility between Microsoft Windows and affected software binaries. Microsoft Security Advisories

Dial In Number Pin: 3959 MS12-046: Vulnerabilities in Visual Basic for Applications Could Allow Remote Code Execution ( ) Re-releaseMS12-046: Vulnerabilities in Visual Basic for Applications Could Allow Remote Code Execution ( ) Re-release –Microsoft is rereleasing the bulletin to offer the update for Microsoft Office 2003 Service Pack 3 (KB ) to address an issue with digital certificates described in Microsoft Security Advisory MS12-062: Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege ( ) Re-releaseMS12-062: Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege ( ) Re-release –Microsoft is rereleasing the KB update for System Center Configuration Manager 2007 –Microsoft is rereleasing the KB update for System Center Configuration Manager 2007 to address a problem with the resource files in the localized versions of the security update. –Customers who have successfully installed only the KB EN (English) version of the update do not need to take any action. November Security Bulletin Re-releases

Dial In Number Pin: 3959 Detection & Deployment 1.MBSA does not support Windows 8 or Windows Server Windows XP Tablet PC 2005 and XP Media Center Edition 2005 are not supported by any detection tools 3.Office for Mac is not supported by detection tools. 4.Yes except for Vista and Windows Server No except for Windows 7 32-bit SP1 and 64-bit SP1, and Windows Server 2008 R2 x64 SP1 and Itanium SP1

Dial In Number Pin: 3959 Other Update Information 1.This update cannot be removed once installed on all supported versions of Office for Mac

Dial In Number Pin: 3959 Windows Malicious Software Removal Tool (MSRT) During this release Microsoft will increase detection capability for the following families in the MSRT: Win32/Folstart: A worm that spreads through removable drives and modifies some system settingsWin32/Folstart: A worm that spreads through removable drives and modifies some system settingsWin32/Folstart: Win32/Weelsof: A family of ransomware trojans that targets users from certain countriesWin32/Weelsof: A family of ransomware trojans that targets users from certain countriesWin32/Weelsof: Win32/Phorpiex: A worm that spreads via removable drives and Windows Live Messenger, and contains backdoor functionalityWin32/Phorpiex: A worm that spreads via removable drives and Windows Live Messenger, and contains backdoor functionalityWin32/Phorpiex: Available as a priority update through Windows Update or Microsoft Update. Offered through WSUS 3.0 or as a download at:

Dial In Number Pin: 3959 Resources Blogs Microsoft Security Response Center (MSRC) blog: Security Response Center (MSRC) blog: Security Research & Defense blog: Research & Defense blog: Microsoft Malware Protection Center Blog: Malware Protection Center Blog: Twitter Security Centers Microsoft Security Home Page: Security Home Page: TechNet Security Center: Security Center: MSDN Security Developer Center: us/security/default.aspxMSDN Security Developer Center: us/security/default.aspx us/security/default.aspx us/security/default.aspx Bulletins, Advisories, Notifications & Newsletters Security Bulletins Summary: ary.mspxSecurity Bulletins Summary: ary.mspx ary.mspx ary.mspx Security Bulletins Search: Bulletins Search: Security Advisories: Advisories: Microsoft Technical Security Notifications: mspxMicrosoft Technical Security Notifications: mspx mspx mspx Microsoft Security Newsletter: Security Newsletter: Other Resources Update Management Process e/patchmanagement/secmod193.mspxUpdate Management Process e/patchmanagement/secmod193.mspx e/patchmanagement/secmod193.mspx e/patchmanagement/secmod193.mspx Microsoft Active Protection Program Partners: ners.mspxMicrosoft Active Protection Program Partners: ners.mspx ners.mspx ners.mspx

Dial In Number Pin: 3959 Questions and Answers Submit text questions using the “Ask” button.Submit text questions using the “Ask” button. Don’t forget to fill out the survey.Don’t forget to fill out the survey. A recording of this webcast will be available within 48 hours on the MSRC Blog: recording of this webcast will be available within 48 hours on the MSRC Blog: Register for next month’s webcast at: for next month’s webcast at:

Dial In Number Pin: 3959