Security: Critical IE Patch (out-of-band MS10-002)

Users with supported versions of Internet Explorer on Windows 2000/2003/2008/R2*, Windows XP, Windows Vista and Windows 7 should review the very important information in Security Bulletin MS10-002 (some have mistakenly named it MS01-002).

Details and the download for this cumulative security update are documented in KB978207. Alternatively, run a manual check, then download and install the patch via Windows Update from Control Panel. As always, planning, testing and backing up before deploying any security fix on critical infrastructure should not be overlooked in any sizable deployment.

This out-of-band security update is rated critical**, supersedes MS09-072 and affects Internet Explorer versions 5.01 through 8. Severe vulnerabilities in the browser could allow remote code execution if a user views a specially crafted Web page.

Some recommended best practices:

  • activate a host-based firewall
  • run an up-to-date anti-malware / anti-spyware / anti-virus application
  • use an account that does not have local administrative rights for day-to-day tasks (browsing, email, etc.)
  • refrain from visiting, opening or clicking links from suspicious sources
  • enable Automatic Windows Update (see KB294871)
  • scan and clean your machine to identify and remove malicious software
  • subscribe to security bulletins and keep up to date with them

* Server Core editions are not affected
** rated moderate for IE 6 on supported editions of Windows Server 2003 as of this writing

