This alert is to provide you with an overview of Microsoft Security Bulletin MS10-002, the Cumulative Security Update for Internet Explorer, released (out-of-band) on Thursday, January 21. This bulletin addresses eight vulnerabilities in Internet Explorer. Microsoft recommends that partners secure their own systems, then reach out to customers to assist them in ensuring their systems are secured.

 

Please see below for important resources and a bulletin summary. The U.S. partner portal home page at https://partner.microsoft.com/US has also been updated with information and links.

 

KEY RESOURCES

·         We recommend Microsoft partners use the Microsoft TechNet Security TechCenter as a source of security information http://technet.microsoft.com/security

·         Security Bulletin MS10-002 – Cumulative Security Update for Internet Explorer (978207):
http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx

·         Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc/

·         Internet Explorer 8 Deployment Guide: http://technet.microsoft.com/en-us/library/cc985339.aspx

·         The U.S. partner portal home page has been updated with links to key resources.

 

BULLETIN SUMMARY

Bulletin ID

Bulletin Title

Maximum Severity Rating

Vulnerability Impact

Restart Requirement

Affected Software

MS10-002

Cumulative Security Update for Internet Explorer (978207)

Critical

Remote Code Execution

Requires a restart

All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008*, Windows 7, and Windows Server 2008 R2*.

* Where indicated in the Affected Software table on the bulletin Web page, the vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2, when installed using the Server Core installation option. Please see the bulletin Web page at the link in the left column for more details.

 

REGARDING INFORMATION CONSISTENCY

We recommend that Microsoft partners use the Microsoft TechNet Security TechCenter as a key source of security information: http://technet.microsoft.com/security, and that you sign up for comprehensive alerts at http://www.microsoft.com/technet/security/bulletin/notify.mspx.  We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.