Earlier this week, I posted a link to the Security Advisory 979352 Posted: Vulnerability in Internet Explorer Could Allow Remote Code Execution.
As noted on the MSRC blog, there's an advance notification for an out-of-band release for MS10-002…
"Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.
"Today we also updated Security Advisory 979352 to include technical details addressing additional customer questions.
"The updated Security Advisory includes guidance in relation to reports of proof of concept (POC) code that bypasses Data Execution Prevention (DEP) and additional information on the exploitability of, and mitigations and workarounds for, Microsoft products that use mshtml.dll.
"Based on our comprehensive monitoring of the threat landscape, we continue to see only limited attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6.
"We continue to recommend that customers update to Internet Explorer 8 to benefit from the improved security protection it offers."
As Jerry noted, please join today (Thursday, January 21) at 1:00pm Pacific (UTC – 8) for a public webcast. We'll provide more information on the bulletin and take your questions.
Date: Thursday Jan 21
Time: 1:00 p.m. PST (UTC -8)
Also available via http://bit.ly/7wNUpp