-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-089A Microsoft Internet Explorer Vulnerabilities Original release date: March 30, 2010 Last revised: -- Source: US-CERT Systems Affected * Microsoft Internet Explorer Overview Microsoft has released out-of-band updates to address critical vulnerabilities in Internet Explorer. I. Description Microsoft has released updates for multiple vulnerabilities in Internet Explorer, including the vulnerability detailed in Microsoft Security Advisory (981374) and US-CERT Vulnerability Note VU#744549. II. Impact By convincing a user to view a specially crafted HTML document or Microsoft Office document, an attacker may be able to execute arbitrary code with the privileges of the user. III. Solution Apply updates Microsoft has released updates to address these vulnerabilities. Please see Microsoft Security Bulletin MS10-018 for more information. Apply workarounds Microsoft has provided workarounds for some of the vulnerabilities in MS10-018. IV. References * Microsoft Security Bulletin MS10-018 - <http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx> * Microsoft Security Advisory (981374) - <http://www.microsoft.com/technet/security/advisory/981374.mspx> * Microsoft Internet Explorer iepeers.dll use-after-free vulnerability - <http://www.kb.cert.org/vuls/id/744549> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-089A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@xxxxxxxx> with "TA10-089A Feedback VU#744549" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 30, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBS7KKyj6pPKYJORa3AQJsgAf/SkHbDt3N9SoIvHHHRsYGjbbIBq1wO3zt xQLTkCvapDgRgf+HCPjw8kzQNCqa+Qisfj3OEw1ADJPwh7PLrWnkrdJMgkLjhJtF xON1Cb+nzy4TuccKPwo2ydu/+bxkFfbKVqB7s355LqC+O+uOnklk1GPftqY0vKpx la5sR+BWkjhARC+OMQsYSQ1hfI7DG7qO9tUljoHwjkyz+ry0rdCX3VSvr3mswf9r hAIw17MTzzjWfvr1logn2SDC6e8HR1TAsSCKvicCJvR2SlIiLFneleDSlVQX8H+g EMdZn06dD6tYgzkLrFT77xwfRW9AgQ/WS7Ai8G4+e9zdJl1uO9ICyg== =+WLE -----END PGP SIGNATURE-----