二月份資訊安全公告 Feb 16, 2007 Richard Chen 陳政鋒 (Net+, Sec+, MCSE2003+Security, CISSP) 資深技術支援工程師 台灣微軟技術支援處

Questions and Answers Submit text questions using the “Ask a Question” buttonSubmit text questions using the “Ask a Question” button

What We Will Cover Review of February releasesReview of February releases –New security bulletins –High-priority non-security updates Other security resourcesOther security resources –Prepare for new WSUSSCAN.CAB architecture –Lifecycle Information –Windows Malicious Software Removal Tool ResourcesResources Questions and answersQuestions and answers

Feb Security Bulletins Summary On Feb 14:On Feb 14: –12 New Security Bulletins 6 critical6 critical 6 important6 important –8 High-priority non-security updates

Feb Security Bulletins Overview Bulletin Number Title Maximum Severity Rating Products Affected MS Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) Important Step-by-Step Interactive Training MS Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) Important Windows XP, Windows Server 2003 MS Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) Important Windows XP MS Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) Critical Windows 2000, Windows XP, Windows Server 2003 MS Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) Critical Microsoft Data Access Components MS Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135) Critical Microsoft Malware Protection Engine MS Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) Important Windows 2000, Windows XP, Windows Server 2003 MS Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) Important Windows 2000, Windows XP, Windows Server 2003, Visual Studio.NET

Feb Security Bulletins Overview (cont.) Bulletin Number Title Maximum Severity Rating Products Affected MS Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) Important Windows 2000, Windows XP, Windows Server 2003, Office 2000, Office 2003, Office 2004 for Mac MS Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) Critical Word 2000, Word 2002, Word 2003, Word 2004 for Mac MS Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) Critical Office 2000, Office XP, Office 2003, Office 2004 for Mac MS Cumulative Security Update for Internet Explorer (928090) Critical Windows 2000, Windows XP, Windows Server 2003

Feb Security Bulletins Severity Summary Bulletin Number Windows 2000 SP 4 Windows XP SP 2Windows Server 2003Windows Server 2003 SP1 Windows Vista MS Not AffectedImportant Not Affected MS Not Affected ImportantNot Affected MS Critical Moderate Not Affected MS Critical ModerateNot Affected MS Important Not Affected MS Important Not Affected MS Important Not Affected Microsoft Visual Studio.NET 2002 Microsoft Visual Studio.NET 2002 Service Pack 1 Microsoft Visual Studio.NET 2003 Microsoft Visual Studio.NET 2003 Service Pack 1 MS Important Step-by-Step Interactive Training MS07-005Important

Feb Security Bulletins Severity Summary (cont.) Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office 2004, X for Mac MS07-013Important MS07-015CriticalImportant Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 2003 Microsoft Word 2004 for Mac MS07-014CriticalImportant Windows Live OneCare Microsoft Antigen for Exchange Server 9.x Microsoft Antigen for SMTP Server 9.x Microsoft Windows Defender Microsoft Forefront Security for Exchange Server 10 Microsoft Forefront Security for SharePoint Server 10 MS07-010Critical Internet Explorer 5.01 SP 4 Internet Explorer 6 SP 1 Internet Explorer 6 for Windows Server 2003 & SP1 IE 6.0 for Windows XP SP 2 IE 7.0 For Windows XP SP2 IE 7.0 for Windows Server 2003 MS Critical ImportantLow

MS – Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723) – Important Vulnerability Remote code execution vulnerability in Step-by-Step Interactive training due to bookmark link file handling Possible Attack Vectors Attacker creates specially formed Step-by-Step Interactive training bookmark link file (.cbo,.cbl and.cbm)Attacker creates specially formed Step-by-Step Interactive training bookmark link file (.cbo,.cbl and.cbm) Attacker posts file on Web site or sends file through Attacker posts file on Web site or sends file through Attacker convinces user to visit Web site or open file from Attacker convinces user to visit Web site or open file from Impact of Attack Run code in context of logged on user Mitigating Factors Limits on user’s account limits attacker’s code Limits on user’s account limits attacker’s code Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Cannot be exploited automatically through user must open attached file Cannot be exploited automatically through user must open attached file Replaced MS MS Public Disclosed /Known Exploits None None

MS – Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) – Important Vulnerability Privilege elevation vulnerability in Windows Shell due to detection and registration of new hardware Possible Attack Vectors Attacker logs on to systemAttacker logs on to system Attacker loads specially crafted applicationAttacker loads specially crafted application Attacker executes specially crafted applicationAttacker executes specially crafted application Impact of Attack Elevation of privilege to LocalSystem security context Mitigating Factors Valid logon credential required Valid logon credential required Windows XP SP2 & Windows Server 2003 SP1: Administrator privileges required to exploit vulnerability remotely Windows XP SP2 & Windows Server 2003 SP1: Administrator privileges required to exploit vulnerability remotely Replaced MS MS Public Disclosed /Known Exploits None None

MS – Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802) – Important Vulnerability Privilege elevation vulnerability due to how Windows Image Acquisition service starts applications Possible Attack Vectors Attacker logs on to systemAttacker logs on to system Attacker loads specially crafted applicationAttacker loads specially crafted application Attacker executes specially crafted applicationAttacker executes specially crafted application Impact of Attack Elevation of privilege to LocalSystem security context Mitigating Factors Valid logon credential required Valid logon credential required Replaced None None Public Disclosed /Known Exploits None None

MS – Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) – Critical Vulnerability Remote code execution vulnerability in HTML Help ActiveX control Possible Attack Vectors Attacker creates specially formed Web pageAttacker creates specially formed Web page Attacker posts page on Web site or sends page as HTML Attacker posts page on Web site or sends page as HTML Attacker convinces user to visit Web site or view Attacker convinces user to visit Web site or view Impact of Attack Run code in context of logged on user Mitigating Factors Limits on user’s account limits attacker’s code Limits on user’s account limits attacker’s code Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. All supported versions of Outlook and Outlook Express open HTML messages in the Restricted sites zone, which helps reduce attacks preventing Active Scripting and ActiveX controls from being used when reading HTML . All supported versions of Outlook and Outlook Express open HTML messages in the Restricted sites zone, which helps reduce attacks preventing Active Scripting and ActiveX controls from being used when reading HTML . Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and vectors on select vulnerabilities. Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and vectors on select vulnerabilities. Replaced MS MS Public Disclosed /Known Exploits None None

MS – Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779) – Critical Vulnerability Remote code execution vulnerability in ADODB.Connection ActiveX control Possible Attack Vectors Attacker creates specially formed Web pageAttacker creates specially formed Web page Attacker posts page on Web site or sends page as HTML Attacker posts page on Web site or sends page as HTML Attacker convinces user to visit Web site or view Attacker convinces user to visit Web site or view Impact of Attack Run code in context of logged on user Mitigating Factors Limits on user’s account limits attacker’s code Limits on user’s account limits attacker’s code Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. All supported versions of Outlook and Outlook Express open HTML messages in the Restricted sites zone, which helps reduce attacks preventing Active Scripting and ActiveX controls from being used when reading HTML . All supported versions of Outlook and Outlook Express open HTML messages in the Restricted sites zone, which helps reduce attacks preventing Active Scripting and ActiveX controls from being used when reading HTML . Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and vectors on select vulnerabilities. Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and vectors on select vulnerabilities. Additional Information Addresses issue discussed on Oct. 27, 2006 in MSRC Weblog: Addresses issue discussed on Oct. 27, 2006 in MSRC Weblog: Replaced MS06-014, except MDAC 2.8 SP1 on Windows XP SP2, MDAC 2.8 on Windows 2003 and Windows 2003 ia64 MS06-014, except MDAC 2.8 SP1 on Windows XP SP2, MDAC 2.8 on Windows 2003 and Windows 2003 ia64 Public Disclosed /Known Exploits Public Disclosed but none known exploits. Public Disclosed but none known exploits.

MS – Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135) – Critical Vulnerability Code execution vulnerability in Microsoft Malware Protection Engine when parsing malformed Portable Document Format (.PDF) files Possible Attack Vectors Attacker crafts specially formed.PDF fileAttacker crafts specially formed.PDF file Attacker places.PDF document on web page or includes in as attachmentAttacker places.PDF document on web page or includes in as attachment Attacker convinces user to visit Web site or view and open attachmentAttacker convinces user to visit Web site or view and open attachment Impact of Attack Run code in context of LocalSystem Mitigating Factors None None Additional Information Products which utilize Microsoft Malware Protection Engine Products which utilize Microsoft Malware Protection Engine Windows Live OneCare Windows Live OneCare Microsoft Antigen for Exchange Server 9.x Microsoft Antigen for Exchange Server 9.x Microsoft Antigen for SMTP Server 9.x Microsoft Antigen for SMTP Server 9.x Microsoft Windows Defender Microsoft Windows Defender Microsoft Windows Defender x64 Edition Microsoft Windows Defender x64 Edition Microsoft Forefront Security for Exchange Server 10 Microsoft Forefront Security for Exchange Server 10 Microsoft Forefront Security for SharePoint Server 10 Microsoft Forefront Security for SharePoint Server 10 Updates to Microsoft Malware Protection provided through automatic updating technologies on a per product basis: see bulletin for details Updates to Microsoft Malware Protection provided through automatic updating technologies on a per product basis: see bulletin for details Replaced None None Public Disclosed /Known Exploits None None

MS – Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436) – Important Vulnerability Windows OLD Dialog component s do not perform sufficient validation when parsing OLD objects embedded in the RTF files that may corrupt system memory and may leads to Remote code execution. Windows OLD Dialog component s do not perform sufficient validation when parsing OLD objects embedded in the RTF files that may corrupt system memory and may leads to Remote code execution. Possible Attack Vectors Attacker creates.RTF file with specially formed embedded OLE objectAttacker creates.RTF file with specially formed embedded OLE object Attacker posts file on Web site or sends file through Attacker posts file on Web site or sends file through Attacker convinces user to visit Web site or open file from Attacker convinces user to visit Web site or open file from Attacker convinces user to navigate within.RTF document and manipulate embedded OLE objectAttacker convinces user to navigate within.RTF document and manipulate embedded OLE object Impact of Attack Run code in context of logged on user Mitigating Factors Limits on user’s account limits attacker’s code Limits on user’s account limits attacker’s code Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability requires user to locate and interact with embedded OLE object: vulnerability cannot be exploited just from opening.RTF file Vulnerability requires user to locate and interact with embedded OLE object: vulnerability cannot be exploited just from opening.RTF file Cannot be exploited automatically through user must open attached file Cannot be exploited automatically through user must open attached file Additional Information Contains defense-in-depth change to help address attack vectors related to MS Contains defense-in-depth change to help address attack vectors related to MS Replaced None None Public Disclosed /Known Exploits None None

MS – Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) – Important Vulnerability Remote code execution vulnerability in MFC component related to OLE object handling Remote code execution vulnerability in MFC component related to OLE object handling Possible Attack Vectors Attacker creates.RTF file with specially formed embedded OLE objectAttacker creates.RTF file with specially formed embedded OLE object Attacker posts file on Web site or sends file through Attacker posts file on Web site or sends file through Attacker convinces user to visit Web site or open file from Attacker convinces user to visit Web site or open file from Attacker convinces user to navigate within.RTF document and manipulate embedded OLE objectAttacker convinces user to navigate within.RTF document and manipulate embedded OLE object Impact of Attack Run code in context of logged on user Mitigating Factors Limits on user’s account limits attacker’s code Limits on user’s account limits attacker’s code Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability requires user to locate and interact with embedded OLE object: vulnerability cannot be exploited just from opening.RTF file Vulnerability requires user to locate and interact with embedded OLE object: vulnerability cannot be exploited just from opening.RTF file Cannot be exploited automatically through user must open attached file Cannot be exploited automatically through user must open attached file Additional Information MS contains defense-in-depth change to help address attack vectors MS contains defense-in-depth change to help address attack vectors Updates available for redistributable components within Visual Studio Updates available for redistributable components within Visual Studio mfc70u.dll - Visual Studio.NET 2002 mfc70u.dll - Visual Studio.NET 2002 mfc71u.dll - Visual Studio.NET mfc71u.dll - Visual Studio.NET Apply updates to development systems and provide updated versions of applications that use these files Apply updates to development systems and provide updated versions of applications that use these files Contact vendor for questions about applications that use these files Contact vendor for questions about applications that use these files Replaced None None Public Disclosed /Known Exploits None None

MS – Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118) – Important Vulnerability Remote code execution vulnerability in RichEdit components related to OLE object handling Remote code execution vulnerability in RichEdit components related to OLE object handling Possible Attack Vectors Attacker creates.RTF file with specially formed embedded OLE objectAttacker creates.RTF file with specially formed embedded OLE object Attacker posts file on Web site or sends file through Attacker posts file on Web site or sends file through Attacker convinces user to visit Web site or open file from Attacker convinces user to visit Web site or open file from Attacker convinces user to navigate within.RTF document and manipulate embedded OLE objectAttacker convinces user to navigate within.RTF document and manipulate embedded OLE object Impact of Attack Run code in context of logged on user Mitigating Factors Limits on user’s account limits attacker’s code Limits on user’s account limits attacker’s code Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability requires user to locate and interact with embedded OLE object: vulnerability cannot be exploited just from opening.RTF file Vulnerability requires user to locate and interact with embedded OLE object: vulnerability cannot be exploited just from opening.RTF file Cannot be exploited automatically through user must open attached file Cannot be exploited automatically through user must open attached file Replaced None None Public Disclosed /Known Exploits None None

MS – Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) – Critical Vulnerabilities Six code execution vulnerabilities when processing Word files with malformed data elements Possible Attack Vectors Attacker crafts specially formed Word documentAttacker crafts specially formed Word document Attacker places Word document on web page or includes in as attachmentAttacker places Word document on web page or includes in as attachment Attacker convinces user to visit Web site or view and open attachmentAttacker convinces user to visit Web site or view and open attachment Impact of Attack Run code in context of logged on user Mitigating Factors Limits on user’s account limits attacker’s code Limits on user’s account limits attacker’s code Word 2002 or Word 2003: cannot be exploited automatically through . User must open an attachment that is sent in . Word 2002 or Word 2003: cannot be exploited automatically through . User must open an attachment that is sent in . Word 2002 or Word 2003: cannot be exploited automatically through Web page. User must click through trust decision dialog box. Word 2002 or Word 2003: cannot be exploited automatically through Web page. User must click through trust decision dialog box. –Dialog box does not occur in Office –Dialog box can be added to Office 2000 by installing Office Document Open Confirmation Tool User must navigate to attacker’s site manually or through links in or IM. Access to sites cannot be automated. User must navigate to attacker’s site manually or through links in or IM. Access to sites cannot be automated. Additional Information Addresses four publicly disclosed issues; 3 issues subject to very limited, targeted attacks:Addresses four publicly disclosed issues; 3 issues subject to very limited, targeted attacks: CVE Dec. 5, 2006CVE Dec. 5, CVE Dec. 10, 2006CVE Dec. 10, CVE Dec. 15, 2006CVE Dec. 15, CVE Jan. 26, 2007CVE Jan. 26, Replaced MS MS Public Disclosed /Known Exploits No: CVE /CVE No: CVE /CVE Yes: CVE , CVE , CVE and CVE Yes: CVE , CVE , CVE and CVE

MS – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) – Critical Vulnerabilities Two code execution vulnerabilities when processing Office files with malformed data elements Possible Attack Vectors Attacker crafts specially formed Office documentAttacker crafts specially formed Office document Attacker places Office document on web page or includes in as attachmentAttacker places Office document on web page or includes in as attachment Attacker convinces user to visit Web site or view and open attachmentAttacker convinces user to visit Web site or view and open attachment Impact of Attack Run code in context of logged on user Mitigating Factors Limits on user’s account limits attacker’s code Limits on user’s account limits attacker’s code Office XP or Office 2003: cannot be exploited automatically through . User must open an attachment that is sent in . Office XP or Office 2003: cannot be exploited automatically through . User must open an attachment that is sent in . Office XP or Office 2003: cannot be exploited automatically through Web page. User must click through trust decision dialog box. Office XP or Office 2003: cannot be exploited automatically through Web page. User must click through trust decision dialog box. –Dialog box does not occur in Office –Dialog box can be added to Office 2000 by installing Office Document Open Confirmation Tool User must navigate to attacker’s site manually or through links in or IM. Access to sites cannot be automated User must navigate to attacker’s site manually or through links in or IM. Access to sites cannot be automated Additional Information Addresses publicly disclosed issue subject to very limited, targeted attacks:Addresses publicly disclosed issue subject to very limited, targeted attacks: CVE Feb. 2, 2007:CVE Feb. 2, 2007: CVE CVE Originally discussed in MS06-058Originally discussed in MS Update was found to not address issueUpdate was found to not address issue Issue addressed in MS07-015Issue addressed in MS MS updated to reflect thisMS updated to reflect this MS DOES protect against other three vulnerabilities discussedMS DOES protect against other three vulnerabilities discussed Replaced MS MS Public Disclosed /Known Exploits Public disclosed: CVE (NOT disclosed: CVE ) Public disclosed: CVE (NOT disclosed: CVE ) Known exploits: None Known exploits: None

MS – Cumulative Security Update for Internet Explorer (928090) – Critical Vulnerabilities Three remote code execution vulnerabilities (2 COM object instantiations, 1 FTP server response parsing) Possible Attack Vectors Attacker creates specially formed Web pageAttacker creates specially formed Web page Attacker posts page on Web site or sends page as HTML Attacker posts page on Web site or sends page as HTML Attacker convinces user to visit Web site or view Attacker convinces user to visit Web site or view Impact of Attack Run code in context of logged on user Mitigating Factors Limits on user’s account limits attacker’s code Limits on user’s account limits attacker’s code Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. Vulnerability cannot be exploited automatically through browsing. User must navigate to attacker’s site manually or through links in or IM. All supported versions of Outlook and Outlook Express open HTML messages in the Restricted sites zone, which helps reduce attacks preventing Active Scripting and ActiveX controls from being used when reading HTML . All supported versions of Outlook and Outlook Express open HTML messages in the Restricted sites zone, which helps reduce attacks preventing Active Scripting and ActiveX controls from being used when reading HTML . Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and vectors on select vulnerabilities. Internet Explorer on Windows Server 2003 in Enhanced Security Configuration mitigates the browsing and vectors on select vulnerabilities. Replaced MS MS Public Disclosed /Known Exploits Public Disclosed: CVE (others are not disclosed) Public Disclosed: CVE (others are not disclosed) Known exploits: None Known exploits: None

Detection and Deployment WU/SUS/AUOffice Update & SMS Microsoft Office Inventory Tool for Updates MBSA 1.2 & SMS Security Update Inventory Tool Enterprise Scan Tool & SMS Security Update Scan Tools MU/WSUS/AU, SMS 2003 ITMU, & MBSA 2.0 MS YesNANoYes MS NAYesNAYes MS NAYesNAYes MS NAYesNAYes MS NAYes (except Windows 2000)Windows 2000 onlyYes MS See Bulletin MS YesNAYesNAYes MS NAWindows onlyVisual Studio onlyWindows only MS Office onlyYes (Office: local only)NAYes (except Office 2000) MS NAYesLocal onlyNAYes (except Office 2000 and Mac) MS NAYesLocal onlyNAYes (except Office 2000 and Mac) MS YesNAYesNAYes

Other Update Information BulletinRestartHotpatchingUninstallReplaces MS May be requiredN/AYesMS MS RequiredNoYesMS MS N/AYesNone MS N/AYesMS MS N/AYesMS MS May be requiredN/A No (Except Defender on Vista) None MS May be requiredNoYesNone MS RequiredNoYesNone MS May be requiredNo Yes (except Office 2000) None MS May be requiredN/A Yes (except 2000 and Mac) MS MS May be requiredN/A Yes (except 2000 and Mac) MS MS RequiredNoYesMS06-072

February 2007 Non-Security Updates NUMBERTITLEDistribution Update for Windows XP (Daylight Savings Time) WU, MU February 2007 CardSpace Update for Windows XP WU, MU Update for Outlook Junk Filter 2003 MU Update for Outlook Junk Filter 2007 MU Update for Office 2003 MU Update for Excel 2003 MU Update for PowerPoint 2003 MU Update for Daylight Saving Time changes in 2007 for Exchange 2003 Update for Daylight Saving Time changes in 2007 for Exchange 2003MU

New WSUSSCAN.CAB architecture New architecture for wsusscan.cab begins since November 2006 Support for existing wsusscan.cab architecture ends on March 2007 SMS ITMU customers: download and deploy updated version of the SMS ITMU – – MBSA 2.0 offline scan customers: – –Download updated version of MBSA now – –Or download the new offline scan file, wsusscn2.cab, by clicking Save this file to C:\Documents and Settings\ \Local Settings\Application Data\Microsoft\MBSA\2.0\Cache\wsusscn2.cab. If you only run MBSA 2.0 in the online mode, do anything. See Microsoft KB Article for more information – –

US Daylight Savings Time non- security Update Change to comply with US Energy Policy Act of 2005Change to comply with US Energy Policy Act of 2005 –DST starts three weeks earlier: 2:00 am second Sunday in March (11 March 2007) –Ends one week later: 2:00 am first Sunday in November (4 November 2007) Updates to enable thisUpdates to enable this –Windows (931836) –Exchange 2003 (926666) Updates available through AU, WU, SUS, WSUS and ITMUUpdates available through AU, WU, SUS, WSUS and ITMU More informationMore information –

Windows Malicious Software Removal Tool – KB The Feb. update adds the ability to remove:The Feb. update adds the ability to remove: –Win32/Stration –Win32/Mitglieder Available as priority update through Windows Update or Microsoft Update for Windows XP usersAvailable as priority update through Windows Update or Microsoft Update for Windows XP users –Offered through WSUS; not offered through SUS 1.0 Also as an ActiveX control or download at as an ActiveX control or download at Deployment step-by-stsp: KB891716Deployment step-by-stsp: KB891716

Resources Feb Security Bulletin Webcast (US) 2&EventCategory=4&culture=en-US&CountryCode=USFeb Security Bulletin Webcast (US) 2&EventCategory=4&culture=en-US&CountryCode=US 2&EventCategory=4&culture=en-US&CountryCode=US 2&EventCategory=4&culture=en-US&CountryCode=US Security Bulletins Summary Bulletins Summary Security Bulletins Search Bulletins Search Security Advisories Advisories MSRC Blog Blog Notifications TechNet Radio Radio IT Pro Security Newsletter Pro Security Newsletter TechNet Security Center Security Center TechNet Forum ITPro Forum ITPro Detection and deployment guidance for the Feb 2007 security release and deployment guidance for the Feb 2007 security release

Questions and Answers Submit text questions using the “Ask a Question” buttonSubmit text questions using the “Ask a Question” button Don’t forget to fill out the surveyDon’t forget to fill out the survey For upcoming and previously recorded webcasts: upcoming and previously recorded webcasts: Webcast content suggestions: content suggestions: