We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability.

Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks.  To date, the only successful attacks that we are aware of have been against Internet Explorer 6.  We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers.  We also recommend customers consider deploying the workarounds and mitigations provided in  Security Advisory 979352.

Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability.

We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time.  We will provide the specific timing of the release tomorrow.

As always, we’re continuing to investigate this situation, so customers should look for the latest updates here on the Microsoft Security Response Center blog.

Thank you,

George Stathakopoulos
General Manager
Trustworthy Computing Security

*This posting is provided "AS IS" with no warranties, and confers no rights*