Today we published the October Security Bulletin Webcast Questions & Answers page. We fielded eight questions across all bulletins. There was one question that we were unable to answer during the webcast due to time constraints, and we have included all questions and answers on the Q&A page.

We invite our customers to join us for the next public webcast on Wednesday, November 9th at 11am PDT (UTC -7), when we will go into detail about the November bulletin release and answer questions live on the air.

Customers can register to attend at the link below:
Date: Wednesday, November 9th, 2011
Time: 11:00 a.m. PST (UTC -7)
Register: Attendee Registration

Thanks,
Jerry Bryant
Group Manager, Response Communications
Microsoft Trustworthy Computing

Today we published the May Security Bulletin Webcast Questions & Answers page. We fielded twelve questions on various topics during the webcast, including bulletins released and the Malicious Software Removal Tool.  There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.

We invite our customers to join us for the next public webcast on Wednesday, June 15th at 11am PDT (-8 UTC), when we will go into detail about the June bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, June 15, 2011
Time: 11:00 a.m. PDT (UTC -8)
Register: Attendee Registration

Thanks -

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Today we published the April Security Bulletin Webcast Questions & Answers page. We fielded 14 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools. There were two questions during the webcast that we were unable to answer and we have included those questions and answers on the QA page.

I also want to provide some clarity regarding our announcement that SMS 2003 with SUIT is retiring this month. SMS 2.0 and the SUIT add-on that can be installed on either SMS 2.0 or SMS 2003 are going out of support this month. SMS 2003 is not scheduled to go out of support until 2015. Customers who currently use SMS 2003 with SUIT should plan to use SCCM 2007 or SMS 2003 with ITMU starting next month. 

We invite our customers to join us for the next public webcast on Wednesday, May 11th at 11am PDT (-8 UTC), when we will go into detail about the April bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, March 9, 2011
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

 " "

Thanks -

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Today we published the March Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools.

 We invite our customers to join us for the next public webcast on Wednesday, April 13th at 11am PDT (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.

 Customers can register to attend at the link below:

 Date: Wednesday, April 13, 2011
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

 Thanks -

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Today we published the March Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools.

 We invite our customers to join us for the next public webcast on Wednesday, April 13th at 11am PDT (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.

 Customers can register to attend at the link below:

 Date: Wednesday, April 13, 2011
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

 Thanks -

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Today we published the March Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools.

 We invite our customers to join us for the next public webcast on Wednesday, April 13th at 11am PDT (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.

 Customers can register to attend at the link below:

 Date: Wednesday, April 13, 2011
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

 Thanks -

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Today we published the February Security Bulletin Webcast Questions & Answers page. We fielded 12 questions on various topics during the webcast, including bulletins released, deployment tools, and update detection tools.

We invite our customers to join us for the next public webcast on Wednesday, March 9th at 11am PST (-8 UTC), when we will go into detail about the March bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, March 9, 2011
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

Thanks -

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Today we published the January Security Bulletin Webcast Questions & Answers page. We fielded five questions on various topics during the webcast.

We invite our customers to join us for the next public webcast on Wednesday, February 9th at 11am PST (-8 UTC), when we will go into detail about the February bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, February 9, 2011
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

Thanks -

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Today we published the December 2010 Security Bulletin Webcast Questions & Answers page. We fielded 17 questions, most concerning the Internet Explorer update and the re-releases of bulletins this month. We invite our customers to join us for the next public webcast on Wednesday, January 12 at 11am PST (-8 UTC), when we will go into detail about the December bulletin release and answer questions live on the air.

Customers can register to attend at the link below:

Date: Wednesday, January 12, 2011
Time: 11:00 a.m. PST (UTC -8)
Register: Attendee Registration

Thanks -

Jerry Bryant

Group Manager, Response Communications
Trustworthy Computing Group

Today, as part of our regular monthly security bulletin release process, we are releasing 16 comprehensive updates addressing 49 vulnerabilities affecting Windows, Internet Explorer (IE), Microsoft Office, and the .NET Framework. This release represents our commitment to provide predictable, high-quality updates as part of the service our customers get when they buy Microsoft products.

Looking at the number and type of updates this month, we have a fairly standard number of bulletins affecting products like Windows and Office. This month we also have a few bulletins originating from product groups that we don't see on a regular basis. For example, SharePoint, the Microsoft Foundation Class (MFC) Library (which is an application framework for programming in Windows), and the .NET Framework. It's worth noting that only six of the 49 total vulnerabilities being addressed have a critical rating. Further, three of the bulletins account for 34 of the total vulnerabilities. 

• MS10-071 (Critical) Cumulative Security Update for Internet Explorer. Note: Internet Explorer 8 is only affected by one RCE listed and IE 9 beta is not affected.
• MS10-076 (Critical) Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution.
• MS10-077 (Critical) Vulnerability in .NET Framework Could Allow Remote Code Execution. Note: this affects .NET Framework 4.0.
• MS10-075 (Critical) Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution.

Below is the aggregate risk and impact for October and the overall deployment priority information to further aid in prioritization:

The video below provides additional viewpoints on the priority bulletins and explains why each should be at the top of your list to install:

Our Security Research & Defense team has written blog posts to provide further technical details on the bulletins. Also of note, MS10-073 contains an update (rated Important) that addresses a local Elevation of Privilege as part of the two additional Stuxnet related elevate privilege vulnerabilities we announced in September. The second and final issue will be addressed in an upcoming bulletin. 

Tomorrow, please join Jerry Bryant, group manager, Response Communications, and special guest Jonathan Ness, principle security SDE lead, from the Security Research & Defense team for a webcast where they will go into details on this month's release.  We will also have a room full of subject matter experts standing by to help answer all of your questions during the session. You can register here:

Date: Wednesday, October 13, 2010
Time: 11:00 a.m. PDT (UTC -7)
Register: Attendee Registration

Thanks,

Carlene Chmaj

Security Response Senior Communications Manager

Follow us on Twitter: @MSFTSecResponse