Kevin Remde's IT Pro Weblog
IT Pro Resources
TechNet EventsMicrosoft Security Response CenterTechNet IT Manager Community HubMicrosoft Virtual AcademyKevin’s Evaluation Download Center
IT Pro Evangelist Blogs
Blain Barton Blain Barton's Blog@BlainBar
Brian LewisMy Thoughts on IT...@BrianLewis_
Dan Stolts IT Pro Guru Blog@ITProGuru
Jennelle Crothers TechBunny@jkc137
Keith MayerIT Pros ROCK!@KeithMayer
Kevin Remde Full of I.T.@KevinRemde
Matt Hester Matthew Hester's WebLog@MatthewHester
Tommy PattersonVirtually Cloud 9@Tommy_Patterson
Yung Chou Yung Chou on Hybrid Cloud@YungChou
This is an important one folks.
“Who or what software does this impact"?”
You can see the full list HERE under the “Affected Software” section. But in a nutshell it’s every OS from Windows 2000 and later on running Windows Internet Explorer 6 and later. Yes, it includes Internet Explorer 8.
“What’s the exploit?”
A maliciously crafted website could allow an attacker to gain access to a computer using the same security rights as the logged on user.
“Is there any good news in this?” I guess if there were any good news, it would be that there have not (as of this writing) been any exploits of IE 7 or IE 8, but the proof of concept is real and valid.
This also doesn’t impact “Core” installations of Windows Server 2008 or Windows Server 2008 R2.
“Where can I get the update?”
The update(which, by the way, is a “cumulative update”) will be available at or around 10:00AM Pacific time, and there will be a new Security Advisory published also. In the meantime, you can reference Security Advisory 979352. When the new advisory and the update are available, I will post links to them here.
Here is the security bulletin - http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx
And the updated security advisory is live here - http://www.microsoft.com/technet/security/advisory/979352.mspx
Here's what the MSRC has to say about it.
And finally; if here is the "Regular IT Guy" perspective.
I AM LOOKING FOR A SECURITY DOWN LOAD THAT IS SIMPLY AND EASY TO USE HAVE YOU GOT ONE I AM FRUSTRATED WITH LOOKING FOR ONE AND THE COMPUTOR SAYS WE DO NOT HAVE ONE AND NEADS ONE OR UP DATES HELP PLEASE