By Elinor Mills
March 30, 2010
Microsoft issued an emergency security update on Tuesday to plug 10
holes in Internet Explorer, including a critical vulnerability that has
been exploited in attacks in the wild.
The cumulative update, which Microsoft announced on Monday, resolves
nine privately reported flaws and one that was publicly disclosed. The
most severe vulnerabilities could lead to remote code execution and a
complete takeover of the computer if a user were to view a malicious Web
site using IE, Microsoft said in the bulletin summary.
Users of IE8 and Windows 7 are not vulnerable to the flaw being used in
specific attacks, according to Microsoft. However, software affected by
the cumulative update addressing all the IE vulnerabilities includes
Windows 2000, Windows XP, Windows Server 2003 and Server 2008, Vista,
and Windows 7.
The security bulletin also includes two other bulletins rated
"important" that patch a vulnerability in Windows Movie Maker and
Microsoft Producer 2003, and seven vulnerabilities in Office Excel.
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!