Hey everyone. Stephen Toulouse here. There has been a bit of a flurry of activity here in Redmond this morning when we noticed a couple of people releasing information about an SMB vulnerability in Windows 2000.
We just want to let everyone know that we've investigated this claim and found the vulnerability being discussed is fixed by MS05-011, a security update released almost 16 months ago. We contacted our partners on this and made sure they understood this is not new. What *is* new is that someone reportedly has found a different way to exploit the vulnerability. But if you have the update, you're protected.
Just as a long U.S. holiday reminder, we watch the firstname.lastname@example.org email 365 days a year, so we'll have an eye out this weekend. In addition, teams are still working on the Office Word update.
Here's wishing everyone a safe Memorial Day weekend in the U.S., and a safe weekend in general to our international customers as well.
*This posting is provided "AS IS" with no warranties, and confers no rights.*
edit: [consider this the caveat, aka "according to Microsoft"]
MSRC Blog : Incorrect reports of a new Windows 2000 SMB vulnerability