Æ
Ǝиçεl
Thursday, December 03, 2009 8:41 AM by MSRCTEAM
December 2009 Bulletin Release Advance Notification
Advance Notification
http://www.microsoft.com/technet/security/bulletin/MS09-dec.mspx for the
December 2009 Security Bulletin Release
For December we are planning to release six new security bulletins
addressing 12 vulnerabilities in Windows, Internet Explorer (IE) and
Microsoft Office products. Three of the bulletins have a maximum severity
rating of Critical and three have a maximum severity rating of Important. To
help customers plan for their deployment of these updates, I want to
specifically call out that they touch all supported versions of Windows and
IE. On the Office side, the bulletins impact Project, Word and Works 8.5. All
of the updates for Windows will require a restart so please plan accordingly.
We want to make customers aware that we will be addressing the vulnerability
discussed in Security Advisory 977981
http://blogs.technet.com/msrc/archive/2009/11/23/microsoft-security-advisory-977981-released.aspx
in the IE bulletin on Tuesday. We know that customers are concerned about
this issue and we are also aware that Proof of Concept (PoC) code is
available publicly.
Here is a preview of the guidance we will be releasing with the bulletins on
Tuesday: The IE update maps to bulletin number 4 in the ANS
http://www.microsoft.com/technet/security/bulletin/MS09-dec.mspx and will be
at the top of our deployment priority list. The other critical update
affecting Windows (bulletin number 1) will have a lower Exploitability Index
http://technet.microsoft.com/en-us/security/cc998259.aspx rating, so while
the impact is higher with a critical severity rating, the lower risk will
drop the deployment priority down a little. The final critical update
affecting Microsoft Project (bulletin number 3), is only critical for Project
2000. The other affected versions are important. That coupled with a lower
Exploitability Index
http://technet.microsoft.com/en-us/security/cc998259.aspx will also drive it
down on the deployment priority list. Customers have asked us to map the
numbered bulletins in the ANS
http://www.microsoft.com/technet/security/bulletin/MS09-dec.mspx to the final
bulletin ID’s after release so we will be doing that in the blog post here on
Tuesday.
We are targeting the release of these bulletins for next Tuesday Dec. 8 at
10:00 a.m. PST (UTC -8). We will post more guidance at that time both here on
the MSRC blog and on the Security Research & Defense (SRD) blog
http://blogs.technet.com/srd/ . Our guidance will include risk and impact
information, our deployment priority list and deeper technical information on
the bulletins form the SRD team. Until then, please review the ANS page here.
http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx
Also next Wednesday please join Adrian Stone and myself as we host a live
webcast where we go in to detail on each bulletin and answer all of your
questions live with the help of a room full of subject matter experts on
these updates. Here is the event information:
Date: Wednesday Dec. 9
Time: 11:00 a.m. PST (UTC -8)
Registration and event link:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032407802
I hope you can join us then!
December 2009 Bulletin Release Advance Notification
Advance Notification
http://www.microsoft.com/technet/security/bulletin/MS09-dec.mspx for the
December 2009 Security Bulletin Release
For December we are planning to release six new security bulletins
addressing 12 vulnerabilities in Windows, Internet Explorer (IE) and
Microsoft Office products. Three of the bulletins have a maximum severity
rating of Critical and three have a maximum severity rating of Important. To
help customers plan for their deployment of these updates, I want to
specifically call out that they touch all supported versions of Windows and
IE. On the Office side, the bulletins impact Project, Word and Works 8.5. All
of the updates for Windows will require a restart so please plan accordingly.
We want to make customers aware that we will be addressing the vulnerability
discussed in Security Advisory 977981
http://blogs.technet.com/msrc/archive/2009/11/23/microsoft-security-advisory-977981-released.aspx
in the IE bulletin on Tuesday. We know that customers are concerned about
this issue and we are also aware that Proof of Concept (PoC) code is
available publicly.
Here is a preview of the guidance we will be releasing with the bulletins on
Tuesday: The IE update maps to bulletin number 4 in the ANS
http://www.microsoft.com/technet/security/bulletin/MS09-dec.mspx and will be
at the top of our deployment priority list. The other critical update
affecting Windows (bulletin number 1) will have a lower Exploitability Index
http://technet.microsoft.com/en-us/security/cc998259.aspx rating, so while
the impact is higher with a critical severity rating, the lower risk will
drop the deployment priority down a little. The final critical update
affecting Microsoft Project (bulletin number 3), is only critical for Project
2000. The other affected versions are important. That coupled with a lower
Exploitability Index
http://technet.microsoft.com/en-us/security/cc998259.aspx will also drive it
down on the deployment priority list. Customers have asked us to map the
numbered bulletins in the ANS
http://www.microsoft.com/technet/security/bulletin/MS09-dec.mspx to the final
bulletin ID’s after release so we will be doing that in the blog post here on
Tuesday.
We are targeting the release of these bulletins for next Tuesday Dec. 8 at
10:00 a.m. PST (UTC -8). We will post more guidance at that time both here on
the MSRC blog and on the Security Research & Defense (SRD) blog
http://blogs.technet.com/srd/ . Our guidance will include risk and impact
information, our deployment priority list and deeper technical information on
the bulletins form the SRD team. Until then, please review the ANS page here.
http://www.microsoft.com/technet/security/bulletin/ms09-dec.mspx
Also next Wednesday please join Adrian Stone and myself as we host a live
webcast where we go in to detail on each bulletin and answer all of your
questions live with the help of a room full of subject matter experts on
these updates. Here is the event information:
Date: Wednesday Dec. 9
Time: 11:00 a.m. PST (UTC -8)
Registration and event link:
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032407802
I hope you can join us then!