US-CERT Technical Cyber Security Alert TA10-089A -- Microsoft Internet Explorer Vulnerabilities




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA10-089A


Microsoft Internet Explorer Vulnerabilities

Original release date: March 30, 2010
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Internet Explorer


Overview

Microsoft has released out-of-band updates to address critical
vulnerabilities in Internet Explorer.


I. Description

Microsoft has released updates for multiple vulnerabilities in
Internet Explorer, including the vulnerability detailed in
Microsoft Security Advisory (981374) and US-CERT Vulnerability Note
VU#744549.


II. Impact

By convincing a user to view a specially crafted HTML document or
Microsoft Office document, an attacker may be able to execute
arbitrary code with the privileges of the user.


III. Solution

Apply updates

Microsoft has released updates to address these vulnerabilities.
Please see Microsoft Security Bulletin MS10-018 for more
information.

Apply workarounds

Microsoft has provided workarounds for some of the vulnerabilities
in MS10-018.


IV. References

* Microsoft Security Bulletin MS10-018 -
<http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx>

* Microsoft Security Advisory (981374) -
<http://www.microsoft.com/technet/security/advisory/981374.mspx>

* Microsoft Internet Explorer iepeers.dll use-after-free
vulnerability -
<http://www.kb.cert.org/vuls/id/744549>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA10-089A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA10-089A Feedback VU#744549" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2010 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

March 30, 2010: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS7KKyj6pPKYJORa3AQJsgAf/SkHbDt3N9SoIvHHHRsYGjbbIBq1wO3zt
xQLTkCvapDgRgf+HCPjw8kzQNCqa+Qisfj3OEw1ADJPwh7PLrWnkrdJMgkLjhJtF
xON1Cb+nzy4TuccKPwo2ydu/+bxkFfbKVqB7s355LqC+O+uOnklk1GPftqY0vKpx
la5sR+BWkjhARC+OMQsYSQ1hfI7DG7qO9tUljoHwjkyz+ry0rdCX3VSvr3mswf9r
hAIw17MTzzjWfvr1logn2SDC6e8HR1TAsSCKvicCJvR2SlIiLFneleDSlVQX8H+g
EMdZn06dD6tYgzkLrFT77xwfRW9AgQ/WS7Ai8G4+e9zdJl1uO9ICyg==
=+WLE
-----END PGP SIGNATURE-----



Relevant Pages

  • Re: Asp.Net.Vulnerability: Full Trust (current security problems and possible solutions)
    ... I do agree that when a security consultant finds potential security ... responsibly and provide details of the vulnerabilities discovered to ... what happened on the last 6 months between us and Microsoft: ... Microsoft's solution for the IIS 5.0 FPE2002 vulnerability we ...
    (microsoft.public.security)
  • Re: Asp.Net.Vulnerability: Full Trust (current security problems and possible solutions)
    ... I do agree that when a security consultant finds potential security ... responsibly and provide details of the vulnerabilities discovered to ... what happened on the last 6 months between us and Microsoft: ... Microsoft's solution for the IIS 5.0 FPE2002 vulnerability we ...
    (microsoft.public.inetserver.iis.security)
  • Re: Asp.Net.Vulnerability: Full Trust (current security problems and possible solutions)
    ... I do agree that when a security consultant finds potential security ... responsibly and provide details of the vulnerabilities discovered to ... what happened on the last 6 months between us and Microsoft: ... Microsoft's solution for the IIS 5.0 FPE2002 vulnerability we ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • [NT] Vulnerability in JView Profiler Could Allow Remote Code Execution (MS05-037)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... through Internet Explorer, this update sets the kill bit for the JView ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
    (Securiteam)
  • Re: Security warning zone?
    ... Service presented in Internet Explorer Enhanced Security. ... you may removed Internet Explorer Enhanced ... Click Close and reboot the server. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)