Microsoft Issues Out-of-Band Update for Critical, Actively Exploited IE Vulnerability

Article by George Norman (Cybersecurity Editor)

on 30 Mar 2010

Earlier this month Microsoft announced it uncovered a critical security vulnerability that affects its Internet Explorer web browser – mind you, only IE6 and IE7, not IE8. At the time Microsoft released a security advisory in which it explained that the vulnerability “exists due to an invalid pointer reference being used within Internet Explorer.” The vulnerability, if successfully exploited by a person with malicious intent, could allow for remote code execution.

The bad news got worse when Microsoft announced that people with malicious intent were indeed actively exploiting it to infect Windows-powered computers with a Trojan. Since actively exploited vulnerabilities are a big concern, Microsoft said it was considering releasing an out-of-band update for the issue. To help Internet Explorer users stay safe and protected, the company updated the security advisory it initially rolled out – it added a Microsoft Fix It to automate a workaround for XP and Windows Server 2003 users.

Turns out that an out-of-band update will be released to address this critical vulnerability – and it will be released today, the 30th of March. The critical vulnerability will be addressed by security update MS10-018, a cumulative security update that addresses 9 other vulnerabilities (this time IE8 is included in the list of affected applications).

“We recommend that customers install the update as soon as it is available. Once applied, customers are protected against the known attacks related to Security Advisory 981374. We have been monitoring this issue and have determined an out-of-band release is needed to protect customers. For customers using automatic updates, this update will automatically be applied once it is released. Additionally, because Security Bulletin MS10-18 is a cumulative update, it will also address nine other vulnerabilities in Internet Explorer that were planned for release on April 13,” explained Senior Security Communications Manager Lead with the MSRC (Microsoft Security Response Center), Jerry Bryant.

