Welcome to Smokey's Security Forums.
Guests have only limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Adobe has issued a security update to its Shockwave Player which patches quite a few critical vulnerabilities. Many of the vulnerabilities could have allowed attackers to execute arbitrary code on the target machine.

Adobe Shockwave Player 11.5.8.612 Plugs 18 Critical Holes

Multilingual OTL (OldTimer ListIt) Log Analysis * Multilingual OTL Tutorials * OTL Downloads * Malware Removal * Microsoft Security Info & Alert Center * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on Del.icio.usShare this topic on DiggShare this topic on RedditShare this topic on StumbleUponShare this topic on TwitterAuthorTopic: Bulletin MS10-002 Released  (Read 356 times)

0 Members and 1 Guest are viewing this topic.

GilbertTopic starter

  • Updates Moderator
  • *
  • Offline Offline
  • location: Arctic
  • Posts: 10560
Bulletin MS10-002 Released
« Reply #1 on: January 21, 2010, 08:00:33 PM »
Bulletin MS10-002 Released
21 January 2010, 6:30 pm

Hello,

Today we released Security Bulletin MS10-002 out-of-band to address vulnerabilities in Internet Explorer. All customers using currently supported versions of Windows and Internet Explorer should apply this update as soon as possible. Once applied, customers are protected against the known attacks that have been widely publicized. For customers using automatic updates, this update will automatically be applied once it is released.

I also wanted to clarify some information that we included in our update to Security Advisory 979352 yesterday. We let customers know that there are other applications that may use mshtml.dll as a rendering engine and if those applications allow active scripting, they can be used as an attack vector. Customers who install today’s update are NOT vulnerable and are protected from all known attack vectors. These applications are NOT vulnerable and no security updates are needed for them. Installing today’s Internet Explorer update addresses the vulnerability across all applications.

As we noted in our blog post yesterday, this Internet Explorer security update was already planned for release in February. When the attack discussed in Security Advisory 979352 was first brought to our attention on Jan 11, we quickly released an advisory for customers two days later. As part of that investigation, we also determined that the vulnerability was the same as a vulnerability responsibly reported to us and confirmed in early September.

For a detailed review of today’s bulletin, please join Adrian Stone and I today for a live webcast where we will try to answer your questions in real time. Registration information:

Date: Thursday Jan 21    

Time: 1:00 p.m. PST (UTC -8)    

Registration: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032440627

Hope to see you there!

Jerry Bryant

 

*This posting is provided "AS IS" with no warranties, and confers no rights.*



Source: The Microsoft Security Response Center (MSRC)

>> To obtain the full Microsoft Security Center - MSRC article, click the link in the first post line <<
 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
 BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content © 2006 - 2010 Smokey Services™ -- All rights reserved
Design of all board graphics, banners and images by Emma aka Tinker - © 2006 - 2010 Smokey Services™ -- All rights reserved
Smokey's Security Forums is member AQMRB - Alliance of Qualified Malware Removal Boards™, an organisation of Approved Qualified Malware Removal Help & Support Boards
Member ASAP - Alliance of Security Analysis Professionals™

    

  

Smokey's provide fully qualified OTL (OldTimer ListIt) Log Analysis & Malware Removal services in English, German and Spanish language