If you did not see the addition of Microsoft Security Bulletin MS10-002, which includes a cumulative security update to Microsoft Internet Explorer, to the January 2010 Microsoft Security Bulletin Summary last week, I wanted to post the information here so that you would have it and know where to find this information in the future. Let’s start with some information about MS10-002:
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 979352.
Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
Please make sure your machines are being updated through automatic updates. If they are not, please read Microsoft Security Bulletin MS10-002 and follow the appropriate steps to ensure your machines are updated with this security update.
Here are some additional security resources you may be interested in as well:
Thank you and have a wonderful day,
Eric Ligman – Follow me on TWITTER and RSS
Global Partner Experience Lead
Microsoft Worldwide Partner Group
This posting is provided "AS IS" with no warranties, and confers no rights