Browser

Microsoft Security Bulletin Advance Notification March 2010 Out-of-Band

by certifiedbug on March 29, 2010

in Microsoft

The Microsoft Security Response Center (MSRC)

Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing security update MS10-018 tomorrow, March 30, 2010, at approximately10:00 a.m. PDT (UTC-8). MS10-018 resolves Security Advisory 981374, addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory and we continue to encourage all customers to upgrade to this version to benefit from the improved security protection it offers.

We recommend that customers install the update as soon as it is available. Once applied, customers are protected against the known attacks related to Security Advisory 981374. We have been monitoring this issue and have determined an out-of-band release is needed to protect customers. For customers using automatic updates, this update will automatically be applied once it is released. Additionally, because Security Bulletin MS10-18 is a cumulative update, it will also address nine other vulnerabilities in Internet Explorer that were planned for release on April 13.

A public webcast on Tuesday, March 30 at 1:00 p.m. PST (UTC -8) will present information on the bulletin and take customer questions.

Registration: https://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032448112

{ 0 comments }

Microsoft Security Advisory (981374)

by certifiedbug on March 9, 2010

in Microsoft

TechNet

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable.

http://www.microsoft.com/technet/security/advisory/981374.mspx

{ 0 comments }

win32hlp and Internet Explorer issue

by certifiedbug on February 28, 2010

in Microsoft

The Microsoft Security Response Center (MSRC)
Sunday, February 28, 2010

On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue.

The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link.

Article: http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

Microsoft is investigating the issue and will provide more information as it becomes available.

{ 0 comments }

Advance Notification for Out-of-Band Bulletin Release

by certifiedbug on January 20, 2010

in Microsoft

The Microsoft Security Response Center (MSRC)

Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.

Today we also updated Security Advisory 979352 to include technical details addressing additional customer questions.

Complete article here

Microsoft will host a webcast to address customer questions.
Date: Thursday Jan 21
Time: 1:00 p.m. PST (UTC -8)

Register for the webcast here

{ 0 comments }

Security Advisory 979352 update will be released Out of Band

January 19, 2010

MSRC TEAM Tuesday, January 19 Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability. We take the decision to go out-of-band very seriously given the impact to customers, but we [...]

Read the full article →

Microsoft Advisory 979352 Update

January 18, 2010

MSRCTEAM Monday January 18 Current threat landscape for Security Advisory 979352 As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6. We have not seen successful attacks on Internet Explorer 8. We continue to recommend customers upgrade to Internet Explorer 8 to benefit [...]

Read the full article →

Microsoft Security Advisory 977981

November 23, 2009

Vulnerability in Internet Explorer Could Allow Remote Code Execution Published: November 23, 2009 Version: 1.0 Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue. Our investigation so far has shown that [...]

Read the full article →

Grab bag

March 13, 2009

Anti-Social Networking Differences between IE8 Compatibility View and IE7 Completing the Windows Experience with Windows Live TinyURL usage becoming more common in Phishing and IM Attacks – Harry Waldron – Corporate and Home Security Conficker.C variant set for April 1st surprise, CA says Security Updates available for Adobe Reader 9 and Acrobat 9 Foxit version [...]

Read the full article →

IE8 Blocker Toolkit Available

January 8, 2009

IEBlog To help our users be more secure and up-to-date, we will distribute IE8 via Automatic Update (AU) and the Windows Update (WU) and Microsoft Update (MU) sites much like we did for IE7. We know that in a corporate environment, the IT organization will often want to delay the introduction of a new browser [...]

Read the full article →

CSS expressions support ends with IE8 Beta 2

October 17, 2008

IE Blog. Design criteria such as standard compliance, performance, reliability and security framed the design of IE8 as whole, for new as well as existing features. As a result, CSS expressions are no longer supported in IE8 standards mode. This change was announced previously on the IE blog, however, this post will provide a few [...]

Read the full article →

← Previous Entries