From the patchmanagement.org mailing list, courtesy of Susan Bradley. Microsoft is planning on releasing an "out-of-band" (not on Patch Tuesday) update to Internet Explorer tomorrow (Tue 30 Mar 2010). Reported affected are MSIE 6 and 7, on all platforms. Reported unaffected are MSIE 8 and Win 7.
Microsoft Security Bulletin Advance Notification for March 2010: http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on March 30, 2010. The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these attacks. The vulnerability used in these attacks, along with workarounds, is described in Microsoft Security Advisory 981374. The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack. In response to issue described in advisory posted 9 Mar 2010: http://www.microsoft.com/technet/security/advisory/981374.mspx I wonder if this has anything to do with the sudden up-tick in fake anti-virus trojans that have been hitting us lately. (We went from "zero in six months" to "five in one week".) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~