[ISN] Microsoft issues emergency patch for 10 IE holes

[InfoSec News <alerts@infosecnews.org>]

http://news.cnet.com/8301-27080_3-20001428-245.html

By Elinor Mills
InSecurity Complex
CNet News
March 30, 2010

Microsoft issued an emergency security update on Tuesday to plug 10 
holes in Internet Explorer, including a critical vulnerability that has 
been exploited in attacks in the wild.

The cumulative update, which Microsoft announced on Monday, resolves 
nine privately reported flaws and one that was publicly disclosed. The 
most severe vulnerabilities could lead to remote code execution and a 
complete takeover of the computer if a user were to view a malicious Web 
site using IE, Microsoft said in the bulletin summary.

Users of IE8 and Windows 7 are not vulnerable to the flaw being used in 
specific attacks, according to Microsoft. However, software affected by 
the cumulative update addressing all the IE vulnerabilities includes 
Windows 2000, Windows XP, Windows Server 2003 and Server 2008, Vista, 
and Windows 7.

The security bulletin also includes two other bulletins rated 
"important" that patch a vulnerability in Windows Movie Maker and 
Microsoft Producer 2003, and seven vulnerabilities in Office Excel.

[...]