Network Box Security Response has released a second supplemental report on the January 2010 Microsoft Patch Tuesday.
In response to highly publicised attacks reportedly exploiting a zero-day (without protection) vulnerability in the Microsoft Internet Explorer web browser, Microsoft has released, out-of-band, security bulletin MS10-002 addressing seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer.
This bulletin is:
MS10-002 affecting Microsoft Internet Explorer and other applications using the mshtml.dll component.
While the publicised issue so far only affects Internet Explorer 6, this cumulative update also addresses seven other vulnerabilities affecting multiple versions of Internet Explorer. The updates to address these issues have now been released by Microsoft and are available for installation.
To provide the best and fullest protection, we recommend that all customers apply the Microsoft updates and patch as soon as possible.
You can download the report as a PDF here
Please note that some of the protection signatures released require the new NBIDPS system, and are only available to customers enrolled in this new system's currently ongoing beta test.

Back