BREAKING NEWS: Critical Out-of-Band Security Update Today

 https://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx

This is an important one folks.

“Who or what software does this impact"?”

You can see the full list HERE under the “Affected Software” section.  But in a nutshell it’s every OS from Windows 2000 and later on running Windows Internet Explorer 6 and later.  Yes, it includes Internet Explorer 8.

“What’s the exploit?”

A maliciously crafted website could allow an attacker to gain access to a computer using the same security rights as the logged on user. 

“Is there any good news in this?”
I guess if there were any good news, it would be that there have not (as of this writing) been any exploits of IE 7 or IE 8, but the proof of concept is real and valid. 

This also doesn’t impact “Core” installations of Windows Server 2008 or Windows Server 2008 R2.

“Where can I get the update?”

The update(which, by the way, is a “cumulative update”) will be available at or around 10:00AM Pacific time, and there will be a new Security Advisory published also.  In the meantime, you can reference Security Advisory 979352.  When the new advisory and the update are available, I will post links to them here.

UPDATE:

Here is the security bulletin - https://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx

And the updated security advisory is live here - https://www.microsoft.com/technet/security/advisory/979352.mspx

Here's what the MSRC has to say about it.

And finally; if here is the "Regular IT Guy" perspective.