Microsoft has released an out-of-band security bulletin on March 30, 2010. The bulletin is being released to address new attacks against customers of Internet Explorer. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these current attacks. However, the released update contains fixes for IE5, IE6, IE7 and IE8 and therefore, it is recommended to update all versions of Internet Explorer: http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

Recommendation: The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For certain configurations, the update is marked as important only (not critical) and in this case the update must be installed/selected manually as well.

Especially as we see these vulnerabilities being exploited already (mainly in the US and Asia), I would recommend to install the released updates fast. In addition, Easter time will not only allow lots of people to surf extensively on the Internet, I also expect an increased amount of mails and links to Easter-related stuff (Webpages and HTML mail), which could contain malware.

-Urs