Microsoft is intending to release an out-of-band IE security bulletin tomorrow on March 31, 2010 (NZ time). The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these attacks. The vulnerability used in these attacks, along with workarounds, is described in Microsoft Security Advisory 981374. The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.

This bulletin advance notification will be replaced with the revised March bulletin summary on March 31, 2010. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on the out-of-band security bulletin on March 31, 2010, at 9AM (NZ time). Register now for the March 31, 9AM webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.