Internet Explorer Cumulative Update Releasing Out-of-Band
The Microsoft Security Response Center (MSRC) has (announcement blog page) announced that they will be publishing an out-of-band cumulative update for Internet Explorer. This update will patch a publicly disclosed security vulnerability that is affecting Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is not affected by the security vulnerability. Microsoft has previously released two Fix It solutions for the vulnerability. This security update will be released on March 30 at about 10:00 a.m. PDT.
This Internet Explorer security update will be available through Windows Updates or from the usual Microsoft channels through which updates are made available for downloaded manually. This security update for Internet Explorer is cumulative in nature as it has nine more vulnerability fixes that were all supposed to be released on Microsoft’s monthly Patch Tuesday on scheduled for April 13.
This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on March 30, 2010. The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these attacks. The vulnerability used in these attacks, along with workarounds, is described in Microsoft Security Advisory 981374. The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.
Users still running Internet Explorer 6 or 7 in their systems are encouraged to update their systems as soon as Microsoft releases this update to protect their computer system security.