Microsoft's Security Response Center (MSRC) team launched a new blog aimed at offering more in-depth information about vulnerabilities, on-going attacks and how to possibly mitigation the situations. The blog, called "Security Vulnerability Research & Defense," will be written by Damian Hasse, Jonathan Ness, Greg Wroblewski, all of whom are security software engineers at Microsoft.
So far the blog content consists of two posts aimed at clarifying recent security updates released by Microsoft. The firsts post offers an anecdote regarding a patch for the Message Queueing service that the company felt wasn't appropriate to include in its related bulletin, MS07-065. According to Microsoft, some systems might not be vulnerable if they don't have a primary DNS suffix. However since the company couldn't verify that to be true in all cases it opted not to make that statement in it's bulletin.
A second post describes how to sniff network traffic to find machines that don't have the latest version of SMBv2. Microsoft's security update MS07-063 changed the SMBv2 version number from 2.001 to 2.002 and the version number is exposed in network packets and therefore systems without the patch can be identified easily using a simple packet sniffer.
Microsoft didn't say how often they'll update the blog with new information, however if future posts continue to offer information similar to that found in the two inaugural posts then it should become a good resource for Windows security administrators.
