FYI...per http://www.theregister.com/2005/05/10/ms_i...ity_advisories/
May 10, 2005
"...Information will be distributed as needed in the form of security advisories, which will be released as needed. Potential topics of the advisories include guidance on publicly disclosed, but yet unpatched, vulnerabilities, notification when code is released to exploit a software flaw, and information on Microsoft updates that are not security patches but which do provide some security benefits..."

- http://www.microsoft.com/technet/security/...ry/default.mspx

Current Security Advisories:
May 2005

Security Advisory (892313)
- http://www.microsoft.com/technet/security/...ory/892313.mspx
Default Setting in Windows Media Player Digital Rights Management Could Allow a User To Open A Web Page Without Requesting Permission

Security Advisory (842851)
- http://www.microsoft.com/technet/security/...ory/842851.mspx
Clarification Of The Tar Pit Feature Provided For Exchange Server 2003 In Windows Server 2003 Service Pack 1 ..."



This post has been edited by AplusWebMaster: Dec 30 2006, 09:17 PM

FYI...

Microsoft Security Advisory (973882)
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/...ory/973882.mspx
• V4.0 (October 13, 2009): Advisory revised to add an entry in the Updates related to ATL section to communicate the release of Microsoft Security Bulletin MS09-060, "Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution."
- http://www.microsoft.com/technet/security/...n/ms09-060.mspx

Microsoft Security Advisory (975191)
Vulnerabilities in the FTP Service in Internet Information Services
- http://www.microsoft.com/technet/security/...ory/975191.mspx
• V3.0 (October 13, 2009): Advisory updated to reflect publication of security bulletin (MS09-053).
- http://www.microsoft.com/technet/security/...n/ms09-053.mspx

Microsoft Security Advisory (975497)
Vulnerabilities in SMB Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/...ory/975497.mspx
• V2.0 (October 13, 2009): Advisory updated to reflect publication of security bulletin (MS09-050).
- http://www.microsoft.com/technet/security/...n/ms09-050.mspx

FYI...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/security/...ory/973811.mspx
Updated: October 14, 2009 - "... Microsoft Security Bulletin MS09-054 contains a defense-in-depth, non-security update that enables WinINET to opt in to Extended Protection for Authentication.
• V1.1 (October 14, 2009): Updated the FAQ with information about a non-security update included in MS09-054* relating to WinINET.
* http://www.microsoft.com/technet/security/...n/ms09-054.mspx

FYI...

Microsoft Security Advisory (977544)
Vulnerability in SMB Could Allow Denial of Service
- http://www.microsoft.com/technet/security/...ory/977544.mspx
November 13, 2009 - "Microsoft is investigating new public reports of a possible denial of service vulnerability in the Server Message Block (SMB) protocol. This vulnerability cannot be used to take control of or install malicious software on a user’s system. However, Microsoft is aware that detailed exploit code has been published for the vulnerability. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities..."

- http://isc.sans.org/diary.html?storyid=7597
Last Updated: 2009-11-14 02:36:34 UTC - "... Assuming that you block TCP ports 139 and 445 the only impact would be an internal attacker could disable affected systems until restarted. In the grand scheme of things this would not be a critical issue unless all of a sudden your servers had to be rebooted on a regular basis, in that case you may have bigger problems because the fox would already be in the henhouse. The list of affected systems is: Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems (includig Server Core), and Windows Server 2008 R2 for Itanium-based Systems..."