ADVANCE NOTIFICATION - March 30, 2010 (OOB) Microsoft Security Bulletin Release

[Dr.Melzer 191]

Vor kurzem wurde nachfolgende Ankündigung eines außerplanmäßigen Microsoft Security Bulletin veröffentlicht. Das außerplanmäßige Update wurde für heute (30.03.2010) geplant und betrifft Microsoft Internet Explorer 6 und Internet Explorer 7.

 

Weiterführende Informationen findet Ihr in der Mail unten oder in deutscher Sprache in Kürze auch auf den deutschen Microsoft TechNet-Seiten: TechNet-Sicherheitscenter

[Dr.Melzer 191]

What is the purpose of this alert?

 

This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on March 30, 2010. The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these attacks.

 

The vulnerability used in these attacks, along with workarounds, is described in Microsoft Security Advisory 981374.

 

The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.

 

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at http://www.microsoft.com/protect.

 

NEW BULLETIN SUMMARY

 

Bulletin Identifier Internet Explorer

Maximum Severity Rating Critical

Impact of Vulnerability Remote Code Execution

Restart Requirement The update will require a restart.

Affected Software All supported versions of Internet Explorer on supported versions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Note: information on affected software listed above is an abstract. Please see the Advance Notification Web page at the link below for complete details.

 

Although we do not anticipate any changes, the information provided in this summary is subject to change until the release.

 

The full version of the Microsoft Security Bulletin Advance Notification for this (OOB) release can be found at Microsoft Security Bulletin Advance Notification for March 2010.

 

PUBLIC BULLETIN WEBCAST

 

Microsoft will host a public webcast to address customer questions on these bulletins:

Title: Information about Microsoft March (OOB) Security Bulletin (Level 200)

Date: Tuesday, March 30, 2010, at 1:00 PM Pacific Time (U.S. & Canada).

URL: Microsoft Security Bulletin Summaries and Webcasts

 

At this time no additional information on this bulletin, such as details regarding severity or details regarding the vulnerability will be made available until the bulletin is published.

[Dr.Melzer 191]

RESOURCES RELATED TO THIS ALERT

 

• Security Advisory 981374 – Vulnerability in Internet Explorer Could Allow Remote Code Execution: Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution

 

• Microsoft Security Response Center (MSRC) Blog: The Microsoft Security Response Center (MSRC)

 

• Microsoft Security Research & Defense (SRD) Blog: Security Research & Defense

 

• Microsoft Malware Protection Center (MMPC) Blog: Microsoft Malware Protection Center

 

• Microsoft Security Development Lifecycle (SDL) Blog: The Security Development Lifecycle

 

REGARDING INFORMATION CONSISTENCY

 

We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

Microsoft CSS Security Team