Alert for Users of Internet Explorer 6 and 7 : ADVANCE NOTIFICATION - March 30, 2010 (OOB) Microsoft Security Bulletin Release
What is the purpose of this alert?
This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on March 30, 2010. The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these attacks.
The vulnerability used in these attacks, along with workarounds, is described in Microsoft Security Advisory 981374.
The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.
Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at www.microsoft.com/protect.
Maximum Severity Rating
Impact of Vulnerability
Remote Code Execution
The update will require a restart.
All supported versions of Internet Explorer on supported versions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Note: information on affected software listed above is an abstract. Please see the Advance Notification Web page at the link below for complete details.
Although we do not anticipate any changes, the information provided in this summary is subject to change until the release.
The full version of the Microsoft Security Bulletin Advance Notification for this (OOB) release can be found at http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx.
Public Bulletin Webcast
Microsoft will host a public webcast to address customer questions on these bulletins:
Title: Information about Microsoft March (OOB) Security Bulletin (Level 200)
Date: Tuesday, March 30, 2010, at 1:00 PM Pacific Time (U.S. & Canada).
Resources related to this alert
· Security Advisory 981374 – Vulnerability in Internet Explorer Could Allow Remote Code Execution: http://www.microsoft.com/technet/security/advisory/981374.mspx
· Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/
· Microsoft Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/
· Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc/
· Microsoft Security Development Lifecycle (SDL) Blog: http://blogs.msdn.com/sdl/