Full of I.T.

Kevin Remde's IT Pro WebLog

BREAKING NEWS: Critical Out-of-Band Security Update Today

Important Security News


This is an important one folks.

“Who or what software does this impact?”

You can see the full list HERE under the “Affected Software” section. But in a nutshell, it’s every OS from Windows 2000 and later running Windows Internet Explorer 6 and later. Yes, it includes Internet Explorer 8.

“What’s the exploit?”

A maliciously crafted website could allow an attacker to gain access to a computer using the same security rights as the logged-on user.

“Is there any good news in this?”

I guess if there were any good news, it would be that there have not (as of this writing) been any exploits of IE 7 or IE 8, but the proof of concept is real and valid.

This also doesn’t impact “Core” installations of Windows Server 2008 or Windows Server 2008 R2.

“Where can I get the update?”

The update (which, by the way, is a “cumulative update”) will be available at or around 10:00 AM Pacific time, and a new Security Advisory will also be published. In the meantime, you can reference Security Advisory 979352. When the new advisory and the update are available, I will post links to them here.


Here is the security bulletin – http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx

And the updated security advisory is live here – http://www.microsoft.com/technet/security/advisory/979352.mspx

Here’s what the MSRC has to say about it.

And finally, here is the “Regular IT Guy” perspective.