March Out-of-Band Security Bulletin Webcast

Hi everyone, Last week Adrian Stone and I conducted a webcast to cover the Internet Explorer out-of-band security bulletin release. We only spent a short period of timing on the presentation and then spent the rest of the time answering customer questions which you can read here. There were some interesting questions and hopefully those who attended came away with a better understanding about how to better protect themselves from emerging threats. One resource we referred customers to several times is a new blog post by the Microsoft Malware Protection Center (MMPC) where they chart attacks against CVE2010-0806 by local: http://blogs.technet.com/mmpc/archive/2010/03/30/active-exploitation-of-cve-2010-0806.aspx To be clear, this data comes from attempted exploits of the vulnerability against customers who are protected by Microsoft security products such as Microsoft Security Essentials and Microsoft Forefront Client Security, etc. In these cases, the exploit failed because mitigating signatures are in place (see article for details). One of the questions we got in the webcast was: “If my malware protection is updated and covers this vulnerability, am I covered throughout the normal update cycle?” This would only be true for known exploits and not the vulnerability itself. Once we find a new exploit, the MMPC can develop and deploy a signature for it. Applying the update addresses the vulnerability itself and is why we (continue reading...)