-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA10-089A


Microsoft Internet Explorer Vulnerabilities

   Original release date: March 30, 2010
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Internet Explorer


Overview

   Microsoft has released out-of-band updates to address critical
   vulnerabilities in Internet Explorer.


I. Description

   Microsoft has released updates for multiple vulnerabilities in
   Internet Explorer, including the vulnerability detailed in
   Microsoft Security Advisory (981374) and US-CERT Vulnerability Note
   VU#744549.


II. Impact

   By convincing a user to view a specially crafted HTML document or
   Microsoft Office document, an attacker may be able to execute
   arbitrary code with the privileges of the user.


III. Solution

   Apply updates

   Microsoft has released updates to address these vulnerabilities.
   Please see Microsoft Security Bulletin MS10-018 for more
   information.

   Apply workarounds

   Microsoft has provided workarounds for some of the vulnerabilities
   in MS10-018.


IV. References

 * Microsoft Security Bulletin MS10-018 -
   <http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx>

 * Microsoft Security Advisory (981374) -
   <http://www.microsoft.com/technet/security/advisory/981374.mspx>

 * Microsoft Internet Explorer iepeers.dll use-after-free
   vulnerability -
   <http://www.kb.cert.org/vuls/id/744549>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA10-089A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA10-089A Feedback VU#744549" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2010 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History

  March 30, 2010: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS7KKyj6pPKYJORa3AQJsgAf/SkHbDt3N9SoIvHHHRsYGjbbIBq1wO3zt
xQLTkCvapDgRgf+HCPjw8kzQNCqa+Qisfj3OEw1ADJPwh7PLrWnkrdJMgkLjhJtF
xON1Cb+nzy4TuccKPwo2ydu/+bxkFfbKVqB7s355LqC+O+uOnklk1GPftqY0vKpx
la5sR+BWkjhARC+OMQsYSQ1hfI7DG7qO9tUljoHwjkyz+ry0rdCX3VSvr3mswf9r
hAIw17MTzzjWfvr1logn2SDC6e8HR1TAsSCKvicCJvR2SlIiLFneleDSlVQX8H+g
EMdZn06dD6tYgzkLrFT77xwfRW9AgQ/WS7Ai8G4+e9zdJl1uO9ICyg==
=+WLE
-----END PGP SIGNATURE-----