Today we released MS10-018 out-of-band due to increases in attacks against Internet Explorer 6 and Internet Explorer 7 using the vulnerability discussed in Security Advisory 981374. I want to reiterate that Internet Explorer 8 is not affected by this issue so customers using this version are not affected by these attacks and we continue to encourage customers to upgrade to the newer version because it provides more security and protection.
MS10-018 is a typical cumulative update for Internet Explorer and was originally going to be released during the normal update cycle on the 13th of April. The Internet Explorer team accelerated testing of this update due to the growing attacks against the publicly disclosed vulnerability (CVE-2010-0806), and the update has reached the appropriate quality bar for distribution to customers. [1]
Out of Band Patch
| Bulletin | KB number | Description | Severity | Impact | Software |
|---|---|---|---|---|---|
| MS10-018 | 980182 | Cumulative Security Update for Internet Explorer | Remote Code Execution | Critical | Microsoft Windows, Internet Explorer |
PATCH NOW:
NOW: MS10-018
We recommend that customers install the update as soon as it is available. Once applied, customers are protected against the known attacks related to Security Advisory 981374. We have been monitoring this issue and have determined an out-of-band release is needed to protect customers. [2]
This update resolves 10 different vulnerabilities in Internet Explorer, of which the most severe impact can be execution of arbitrary code. All versions of IE from 5.01 to 8.0 are affected to varying degrees. [3]
This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. [4]
[1] Security Bulletin MS10-018 Released (2010-Mar-30) [MSRC]
[2] Internet Explorer Cumulative Update Releasing Out-of-Band (2010-Mar-29) [MSRC]
[3] OOB Update for Internet Explorer MS10-018 (2010-Mar-29) [SANS]
[4] Microsoft Security Bulletin Summary for March 2010 (2010-Mar-30) [MS]
CRP10-020
0 Responses to “Microsoft Security – One out-of-band update (Mar-2010)”