Today we released Security Advisory 981169 to address the VBScript issue involving Windows Help files that we blogged about yesterday. To reiterate what we said in that post, we are not aware of any active attacks at this time and the following operating systems are not affected by this issue: Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista.
Our investigation is ongoing. Users on older versions of Windows should review the Security Advisory for mitigations and workarounds for this issue. Additionally, our Security Research & Defense team provides a detailed analysis of the issue and the available workarounds on their blog. User education is a key factor in this scenario given the amount of user interaction required to reach the vulnerability.
Our teams are working to address the issue and once we complete our investigation, we will take appropriate action to protect customers. This may include releasing an update out-of-band. We will provide further updates as they become available.
Sr. Security Communications Manager Lead
*This posting is provided "AS IS" with no warranties, and confers no rights.*