Microsoft has released an out-of-band security bulletin on March 30, 2010. The bulletin is being released to address new attacks against customers of Internet Explorer. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these current attacks. However, the released update contains fixes for IE5, IE6, IE7 and IE8 and therefore, it is recommended to update all versions of Internet Explorer: http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

Recommendation: The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For certain configurations, the update is marked as important only (not critical) and in this case the update must be installed/selected manually as well.

Especially as we see these vulnerabilities being exploited already (mainly in the US and Asia), I would recommend to install the released updates fast. In addition, Easter time will not only allow lots of people to surf extensively on the Internet, I also expect an increased amount of mails and links to Easter-related stuff (Webpages and HTML mail), which could contain malware.

-Urs

Bill Mullins’ Weblog: Guest writer Dave Brooks, a vastly experienced computer tech from New Hampshire, who is an expert at online safety, shares this chilling story on why even exercising proper security measures won’t guarantee your online financial safety.

http://billmullins.wordpress.com/2010/03/25/think-youre-immune-from-online-fraud-maybe-not/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+wordpress%2FTVcE+%28Bill+Mullins%27+Weblog+-+Tech+Thoughts%29

-Urs

Not really security relevant, but cool anyway... some more info on project Natal:
http://news.cnet.com/8301-13772_3-20001174-52.html?part=rss&subj=news&tag=2547-1_3-0-20

What is project Natal? ;-)
http://www.xbox.com/en-US/live/projectnatal/ 

-Urs

DarkReading: If your security strategy relies on end users to perform updates or avoid risky behavior, then it's time to ask yourself a question: How much do end users really know about security vulnerabilities?

"Non-IT folks are often only aware of security vulnerabilities that are covered in mainstream publications and media or hit close to home by impacting a family member," says Mike Greide, senior security researcher at Zscaler. 

http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=224000172

-Urs

MSNBC:Seattle is the riskiest online city, according to a new survey.

Symantec says Seattle tops the list because people are more likely to access the Web each day and use the Internet for shopping and banking, and because of the proliferation of wireless Internet access.

http://www.msnbc.msn.com/id/35985828 

Ups.. as I am currently in Seattle and knowing that, should I be more careful now? ;-)

-Urs