This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on March 30, 2010. The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these attacks.

The vulnerability used in these attacks, along with workarounds, is described in Microsoft Security Advisory 981374.

The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at .

New Bulletin Summary

Bulletin Identifier Internet Explorer
Maximum Severity Rating Critical
Impact of Vulnerability Remote Code Execution
Restart Requirement The update will require a restart.
Affected Software All supported versions of Internet Explorer on supported versions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Note: information on affected software listed above is an abstract. Please see the Advance Notification Web page at the link below for complete details.

Although we do not anticipate any changes, the information provided in this summary is  subject to change until the release.

The full version of the Microsoft Security Bulletin Advance Notification for this (OOB) release can be found at

Public Bulletin Webcast

Microsoft will host a public webcast to address customer questions on these bulletins:

Title: Information about Microsoft March (OOB) Security Bulletin (Level 200)

Date: Tuesday, March 30, 2010, at 1:00 PM Pacific Time (U.S. & Canada).


Post By Editor (2,827 Posts)

Website: →