Critical Security Bulletin for Internet Explorer

February, 2010

This alert is to provide you with an overview of the new security bulletin released on January 21st. Microsoft has released an out-of-band security update (MS10-002) for Internet Explorer that addresses 8 vulnerabilities on systems running various versions of Internet Explorer.


Executive Summary

Microsoft has warned of flawed software in Internet Explorer that hackers can exploit to take over some computers.

This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate.


Recommendations

The majority of our clients have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. For those of you who have not enabled automatic updating, you will need to check for updates and install this update manually.

PLEASE NOTE: a restart of your machine is necessary for the completion of this update.