Hello everyone,

This is Christopher Budd. .....

..... While we don’t have a firm estimate on when we’ll complete our development and testing of updates for this issue, we have teams around the world working on it twenty-four hours a day, and hope to have updates no later than May 8, 2007 for the May monthly bulletin release. However, this is a developing situation and we are constantly evaluating the situation and the status of our development and testing of updates.

For this issue, our teams are working on developing and testing 133 separate updates: one in every language for every currently supported version of Windows servers. Each of these has to be tested to ensure they effectively protect against the vulnerability. Because DNS is a critical part of the networking infrastructure, they also have to be tested to ensure that changes introduced by the updates don’t pose a greater risk than the security issue we’re addressing.

We again encourage customers to deploy the workarounds discussed in the security advisory . These are effective against the attacks we’ve seen so far. Additionally, we want to urge customers specifically to evaluate the registry key workaround and ensure they’re using the latest signatures for their security protection product.

We are continuing to monitor the situation closely. As we have been doing, we’ll make updates as we have new information through our security advisory and through the MSRC weblog.

Thanks.

Christopher

*This posting is provided "AS IS" with no warranties, and confers no rights.*