US-CERT Technical Cyber Security Alert TA10-021A -- Microsoft Internet Explorer Vulnerabilities

National Cyber Alert System
Technical Cyber Security Alert TA10-021A

Microsoft Internet Explorer Vulnerabilities

Original release date: January 21, 2010
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Internet Explorer

Overview

Microsoft has released out-of-band updates to address critical vulnerabilities in Internet Explorer.

I. Description

Microsoft has released updates for multiple vulnerabilities in Internet Explorer, including the vulnerability detailed in Microsoft Security Advisory 979352 and US-CERT Vulnerability Note VU#492515.

II. Impact

By convincing a user to view a specially crafted HTML document or Microsoft Office document, an attacker may be able to execute arbitrary code with the privileges of the user.

III. Solution

Apply updates

Microsoft has released updates to address these vulnerabilities. Please see Microsoft Security Bulletin MS10-002 for more information.

Apply workarounds

Microsoft has provided workarounds for some of the vulnerabilities in MS10-002.

IV. References

Microsoft Security Bulletin MS10-002 - <http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx>
Microsoft Security Advisory 979352 - <http://www.microsoft.com/technet/security/advisory/979352.mspx>
US-CERT Vulnerability Note VU#492515 - <http://www.kb.cert.org/vuls/id/492515>

Feedback can be directed to US-CERT.

Produced 2010 by US-CERT, a government organization. Terms of use

Revision History

January 21, 2010: Initial release

Last updated January 21, 2010