It’s interesting, I was just talking with Hitachi’s blogger and CTO about what to do in a crisis. Here’s one thing. Warn your customers. That’s what I’m doing here. We’re seeing a bad exploit being reported on blogs and other places. I’m off to check with Stephen Toulouse of the security response center here at Microsoft (I’m a bit at a disadvantage cause I’m blogging from Hitachi’s Storage DataSystems Headquarters — I’m heading back to Microsoft’s offices so I can get access to Microsoft’s internal information sharing systems). The security response center is listening to email sent to firstname.lastname@example.org — if you have a new security problem, that’s a good place to send email to. Microsoft’s security Web site is here. If you need support with one of our products, please contact support here.
Update: the Security Response Center is working on this. They have a blog, but haven’t posted about this issue yet.
I have a video interview with Stephen on Channel 9, in case you want to know a little more. Here’s a tour of the response center’s workers so you can get a little better idea of the people who are working hard to fix this problem.
Update 2: the Security Response Center has posted a security advisory on this issue.