Tue, 7/07/09 – 23:02 | No Comment

By now hopefully you are aware of the Zero Day in IE that impacts an ActiveX control.

IE 0day exploit domains (constantly updated): http://isc.sans.org/diary.html?n&storyid=6739

Based on the domains one should not be in panic mode but in testing and deciding mode.


Articles tagged with: MSRC

Treat these like Service Packs
Monday, 16 Feb, 2009 – 19:22 | No Comment

I posted this to someone today and thought I’d blog this here as well: Regarding the patches that came out last week, consider two of them to be Service Packs and plan accordingly: There are two BIG hunking patches in this go round that one really needs to treat like service packs.

1. Exchange. This is a denial of service and there’s no mitigation. Big whoop they will target Vlad first and his big Exchange servers first, I can make a backup and install carefully. You are replacing store.exe so it’s like it’s a sp1 or sp2. Treat accordingly. 2007 does not need a reboot but I have seen these Update rollups sometimes need to be reinstalled as the initial install may mess up. 2k3 does need a reboot and a mere stopping of services and restarting on a SBS 2k3 box isn’t enough.

2. SQL and on a SBS box we have ‘em coming out of our ears. It’s replacing SQL engine as well. Also treat like a service pack. Only nails you if you have an external web site exposed and they can get in through cross site scripting, so I don’t see that we should be patching quickly on this one, we have time. Treat also like a service pack as if the permissions in that database are horked you are calling a PSS SQL expert as there’s no easy blog answer as someone has to dig out the log file and read it

Security Bulletin Webcast Questions and Answers - February 2009
Monday, 16 Feb, 2009 – 14:21 | No Comment

The good folks over on the Microsoft Security Response Center blog posted February’s Q&A session and it looks like they managed to answer 37 total questions in the time allotted. If you couldn’t make the actual session but had a question you were dying to ask then the chances look good that somebody else maybe asked the same one. You can check out their entire post here.

Coalition Formed in Response to W32.Downadup
Friday, 13 Feb, 2009 – 17:45 | No Comment

Microsoft, Symantec, ICANN, Neustar, Verisign, CNNIC, Afilias, Public Internet Registry, Global Domains International Inc., M1D Global, AOL, F-Secure, ISC, researchers from Georgia Tech, The Shadowserver Foundation, Arbor Networks, and Support Intelligence formed a coalition to target the group or person(s) behind the Downadup/Conficker infection that infects large numbers of users worldwide. See Symantec’s blog entry at https://forums.symantec.com/t5/Malicious-Code/Coalition-Formed-in-Response-to-W32-Downadup/ba-p/388129#A241

Microsoft created pages about Conficker and a guide on how to remove it, and they also offer a $250,000 reward for Conficker arrest and conviction. For the full list of vendors that have information on this infection, see http://isc.sans.org/diary.html?storyid=5860

Please run a scan using the latest detection of your preferred antivirus and anti-malware program and ensure that your programs and OS are fully patched.

Microsoft Updates for Multiple Vulnerabilities « JusticeDept.com …
Friday, 13 Feb, 2009 – 6:01 | No Comment

As part of the Microsoft Security Bulletin Summary for February 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Office, …

Microsoft dangles $250000 carrot for capture of Conficker creator …
Friday, 13 Feb, 2009 – 3:23 | No Comment

The destructive actions of its creators have now resulted in Conficker being labelled as a criminal attack by Microsoft Corp., which has this week revealed it is offering a sizeable dollar amount for the apprehension of those … Security … users would be well advised to make sure they are running on updated anti-Virus and/or Internet protection software, and are also completely up to speed with the latest Microsoft update (MS08-067) for their operating systems

Trend WFBS 5.1 on SBS 2008 - SBSfaq.com Blog Site:
Wednesday, 11 Feb, 2009 – 18:45 | No Comment

Trend WFBS 5.1 on SBS 2008 - SBSfaq.com Blog Site: http://blog.sbsfaq.com/Lists/Posts/Post.aspx?ID=296

Read Wayne’s post. If you’ve noticed that SBS 2008 has slowed down after a week and needed rebooting to get it back to speed, request hotfix 961775. The issue is fixed with a hotfix that can be obtained here: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=961775&kbln=en-us

The KB article is still being posted. It’s a file called tdi.sys that needs to be fixed. Microsoft-Windows-TDI-Over-TCPIP. Don’t let the fact that the patch says it’s for Vista fool you, because they are the same codebase; request the 64 bit version of the patch and it does the trick.

Symptoms can include:
Run dcdiag and it faults straight away
Try to open ADU&C and it says there’s no domain available
Same for ADS&S

February monthly security bulletin release
Wednesday, 11 Feb, 2009 – 7:08 | No Comment

I just saw that the folks over on the MSRC blog just posted the info for the February security bulletin release.

Critical IE, Exchange Flaws in Microsoft’s Patch Tuesday …
Tuesday, 10 Feb, 2009 – 15:36 | No Comment

Microsoft Corp.

Web White Noise - WWN » Microsoft Security Bulletin Summary for …
Tuesday, 10 Feb, 2009 – 14:00 | No Comment

11/02/2009: Microsoft Security Bulletin Summary for February 2009.

February 2009 Security Bulletin Webcast
Tuesday, 10 Feb, 2009 – 12:30 | No Comment

Language(s): English. Product(s): Security

Microsoft Security Bulletins for Feb. 2009
Tuesday, 10 Feb, 2009 – 10:39 | No Comment

As part of Microsoft’s routine, monthly security update cycle, they released the following security bulletins today:

MS09-002 - Cumulative Security Update for Internet Explorer (961260)
MS09-003 - Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
MS09-004 - Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
MS09-005 - Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

The bulletin summary is located at:

For Consumers & Home Users - http://www.microsoft.com/protect/computer/updates/bulletins/200902.mspx
For IT professionals & systems administrators - http://www.microsoft.com/technet/security/bulletin/ms09-feb.mspx

See also the blog entry on the above at http://blogs.technet.com/msrc/

Tools to scan for missing patches: Don’t forget to use your preferred vulnerability scanners (Secunia PSI or Software Inspector, SecurityExpressions, Microsoft Baseline Security Analyzer or Belarc) to determine whether your system is missing hotfixes or security updates. Please do not download security updates from other sources (email, other websites). It’s recommended to get them via the Microsoft Update, Windows Update or Office Update website only.

Microsoft Security Bulletin(s) for February 10, 2009
Tuesday, 10 Feb, 2009 – 10:39 | No Comment

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

February 10

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update