
The Microsoft Security Response Team posted their video discussion for the January 2011 Patch Tuesday along with the Questions and Answers they had.

Here is the video:

And here are the Q&As:

Q: What SMB ports are safe to block outbound?

A: Blocking SMB requires preventing TCP ports 139 & 445 from traversing the firewall.  However, there are impacts of doing this if you use SMB-based services across your perimeter.  The primary impacts are CIFS, RPC over SMB, and File/print services.  A full list is found in the bulletin.  You should decide based on your own environment which are ‘safe’ to block.
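One way to see which SMB traffic actually crosses the perimeter before deciding what to block, as an added example that is not part of the MSRC Q&A or the bulletin: it counts TCP 139/445 flows from internal to external hosts. The record format, the sample records and the use of RFC 1918 ranges as "internal" are assumptions.

```python
import ipaddress
from collections import Counter

SMB_PORTS = {139, 445}  # the TCP ports named in the answer above

# Assumption: internal address space is RFC 1918; adjust for your network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records in a hypothetical export format:
# "proto src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
tcp 10.1.4.22 49812 10.1.0.5 445
tcp 10.1.4.22 49813 203.0.113.40 445
tcp 10.1.7.9 50211 198.51.100.7 139
udp 10.1.7.9 50300 198.51.100.7 445
tcp 10.1.4.22 49900 203.0.113.40 443
tcp 10.1.4.22 49814 203.0.113.40 445
"""

def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    return any(addr in net for net in INTERNAL_NETS)

def outbound_smb(flow_text):
    """Count TCP flows from internal to external hosts on ports 139/445."""
    hits = Counter()
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        proto, src, _sport, dst, dport = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if (proto.lower() == "tcp" and port in SMB_PORTS
                and is_internal(src_ip) and not is_internal(dst_ip)):
            hits[(src, dst, port)] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, port), n in outbound_smb(SAMPLE_FLOWS).most_common():
        print(f"{src} -> {dst}:{port}/tcp  {n} flow(s)")
```

Each source/destination pair it reports is a dependency that an outbound block on these ports would break, which is the per-environment decision the answer refers to.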

Q: Late last month Windows XP with Internet Explorer 6 and MS10-090 installed were prompted to install MS10-071. Was this an incorrect detection / supersedence issue, and was it corrected?

A: The supersedence issue for MS10-090 has been fixed.

Q: The January 2011 Bulletin Summary contains a link to ‘Updates from Past Months for Windows Server Update Services’ which remains out of date, September 2010.

A: The team responsible for updating these links is switching to an automated process. This will be resolved shortly.

Q: Why am I not receiving SMS alerts from the MSRT via the Live Alert Service, did the MSRC stop publishing these?

A: This service was terminated in September and is no longer offered on the TechNet Security Notifications page. There are some alternatives available; please see:

http://technet.microsoft.com/en-us/security/dd252948

Q: Is there any news on the fake MSE virus, as well as the phony HDD/Defrag virus?

A: We recently blogged on both of these and you can find more details on each of these viruses at http://blogs.technet.com/mmpc . Microsoft also detects both of them through the MSRT.