DBActive

Revision Note: Advisory updated to reference released security bulletin.Summary: Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.

Source

Revision Note: Advisory updated to reference released security bulletin.Summary: Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.

Source

Revision Note: Advisory updated to clarify that the Compatibility Patch will be replaced in the June update cycle.Summary: Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.

Source

Revision Note: Advisory PublishedSummary: Microsoft has confirmed new public reports of a vulnerability in Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user”s system in the security context of the logged-on user. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time. Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker”s Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. In an e-mail based attack, customers would have to click a link to the malicious Web site or open an attachment that exploits the vulnerability. In both Web-based and e-mail based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Microsoft will continue to investigate these reports and provide additional guidance depending on customer needs. Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This will either take the form of a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site. We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers ca

Source