Stephen Toulouse
Stephen Toulouse, also known as Stepto, is the former Director of Xbox LIVE Policy and Enforcement at Microsoft. He frequently represented Microsoft and Xbox Live in various media, including on Larry Hryb's "Major Nelson Radio" Xbox-related podcast, to discuss security and policy issues...
The key thing is really that we want to make people understand the risk with these flaws and that they enable automatic updates.
In general, many of these bulletins have a lower impact in terms of severity and are much more difficult to exploit on newer operating systems such as Windows XP SP2 and Windows Server 2003 SP1.
We saw the exploit code and our Security Windows Reaction Team tested it against the patch, and we were convinced we would see an attack. It was only a matter of time,
Currently this exploit is not publicly available, but we continue to urge customers on older versions of our operating systems to deploy MS05-051 to help protect from attempted exploitation,
Currently that update is in the testing phase and could be released as early as April. But of course, that isn't final.
This situation is now resolved and customers should be able to get the update. I want to reiterate that the problem had nothing to do with the update itself, you applied it manually from the download center or got it through SUS 1.0 it should install correctly and protect against the vulnerability. But it's available now for everyone.
The MSRC is constantly monitoring the threat environment for any malicious activity. We are keeping an especially close eye on the newsgroups and vulnerability lists for exploits related to this month's activities and will mobilize immediately to help protect customers against threats as necessary.
Our test and engineering plan for that update that we began two weeks ago is on track to have that update ready for Tuesday.
Certainly, right now, we and our anti-virus partners are not seeing a widespread impact of this attack.
Security researchers provide a valuable service to our customers in helping us to secure our products. We want to get face to face with them to talk about their views on security, our views on security, and see how best we can meet to protect customers.
Should MS05-018 have been a more complete update to address the underlying vulnerable function? Yes, Cesar is right. But I want to reiterate that MS05-018 did protect against the issue that was brought to us,
It only affected Windows 2000. So far it has shown a very limited impact -- we're not seeing any widespread impact to the Internet, but we remain vigilant.
This is why it takes so long, but that's not to say that if there's an exploit, we won't accelerate testing and get it out there as fast as we can. But if we find problems in the testing phase, it could trigger a restart and cause even more delays.
There's been some speculation that you can only trigger this by using an incorrect size in your metafile record and that this trigger was somehow intentional. That speculation is wrong on both counts. The vulnerability can be triggered with correct or incorrect size values.