What is the purpose of this alert?
This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on January 21, 2010. The bulletin will be for Internet Explorer to address limited, targeted attacks against customers using Internet Explorer 6, as well as fixes for vulnerabilities rated Critical that are not currently under active attack.
The purpose of the notification is to assist customers with resource planning for this security bulletin release. The information offered in the notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk.
New Bulletin Summary
Maximum Severity Rating
Impact of Vulnerability
Remote Code Execution
The update will require a restart.
All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008*, Windows 7, and Windows Server 2008 R2*.
* Where indicated in the Affected Software table on the Advance Notification Web Page, the vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2, when installed using the Server Core installation option. Please see the Advance Notification Web page at the link below for more details.
Although we do not anticipate any changes, the information provided in this summary is subject to change until the release.
The full version of the Microsoft Security Bulletin Advance Notification for this release can be found at http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx.
Public Bulletin Webcast
Microsoft will host a webcast to address customer questions on these bulletins:
Title: Information about Microsoft January (OOB) Security Bulletin (Level 200)
Date: Thursday, January 21, 2010, at 1:00 PM Pacific Time (U.S. & Canada).
At this time no additional information on these bulletins, such as details regarding severity or details regarding the vulnerability, will be made available until the bulletin is published.
Resources related to this alert
· Security Advisory 979352 – Vulnerability in Internet Explorer Could Allow Remote Code Execution: http://www.microsoft.com/technet/security/advisory/979352.mspx
· Microsoft Knowledge Base Article 979352: http://support.microsoft.com/kb/979352
· Issue Landing Page: http://www.microsoft.com/security/updates/ie.aspx
· Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/
· Microsoft Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd/
· Microsoft Malware Protection Center (MMPC) Blog: http://blogs.technet.com/mmpc/
· Microsoft Security Development Lifecycle (SDL) Blog: http://blogs.msdn.com/sdl/
Regarding Information Consistency
We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.
If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.
Microsoft CSS Security Team