Good Afternoon, You may be aware that Microsoft have made an announcement regarding an out of band update release scheduled for this week. Microsoft has informed CCIP that when they release an update which is outside of its regular monthly scheduled, an 'out-of-band' release, that it is significant and this why CCIP is bringing this to your attention. CCIP advise you to evaluate and apply the applicable updates at your earliest opportunity. Please note that the Tuesday referred to is US time and therefore Wednesday the 29th in New Zealand. The following was released by Microsoft: ---BEGIN QUOTE--- This is an advance notification of two Out-of-Band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to mitigate future attacks related to the Visual Studio bulletin, as well as fixes for vulnerabilities rated Critical that are not currently under active attack. The full version of this Microsoft Security Bulletin Advance Notification can be found at http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx. ================================= NEW BULLETIN SUMMARY ================================= Bulletin ID: Visual Studio Maximum Severity Rating: Moderate Vulnerability Impact: Remote Code Execution Restart Requirement: Requires restart Affected Software: Microsoft Visual Studio .NET 2003, Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, Microsoft Visual C++ 2005, and Microsoft Visual C++ 2008 ================================= Bulletin ID: Internet Explorer Maximum Severity Rating: Critical Vulnerability Impact: Remote Code Execution Restart Requirement: Requires restart Affected Software: Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 ================================= Disclaimer on Possible Changes ================================= Although we do not anticipate any changes, the information provided in this summary is subject to change until the release. At this time, no additional information on this bulletin such as details regarding severity or details regarding the vulnerability will be made available until the bulletin is published. ====================================== Microsoft is hosting two webcasts to address customer questions on these bulletins on July 28, 2009, at 1:00 PM Pacific Time (US & Canada) and at 4:00 PM Pacific Time (US & Canada). Register now for the July 28, 1:00 PM Webcast and the July 28, 4:00 PM Webcast. Afterwards, these webcasts are available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts. ---END QUOTE--- CCIP are not proposing to alert on this issue further unless new information or issues come to light. Please refer to the Microsoft bulletin for routine updates. Many thanks, The CCIP Team -- Centre for Critical Infrastructure Protection Government Communications Security Bureau P: +64 4 498 7654 F: +64 4 498 7655 E: info(a)ccip.govt.nz I: www.ccip.govt.nz ===================================================================== If you would like to subscribe or unsubscribe from CCIP Vulnerability Alerts, Advisories, and e-Bulletins, Please send an email with either 'Subscribe' or 'Unsubscribe' in the subject line to publications(a)ccip.govt.nz ===================================================================== --- This e-mail contains official New Zealand Government information, which is intended for the use of addressees only. If you have received this e-mail in error, please notify the sender immediately and delete. You should not further disseminate, distribute or copy this e-mail in any way. ---