Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future.  The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not affected by this issue and as always, we encourage customers to upgrade to the latest browser version.

We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action.  If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update.

We will be holding a special, live webcast, during which we’ll take your questions regarding this update, on Monday, January 14 at 1 p.m. PST. Click here to register.

For all the latest information, you can follow the MSRC team on Twitter at @MSFTSecResponse.

Thanks,

Dustin Childs
Group Manager
Trustworthy Computing