Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: OOB Update for Internet Explorer MS10-018 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
OOB Update for Internet Explorer MS10-018

Microsoft Security Bulletin MS10-018 - Critical

This update resolves 10 different vulnerabilities in Internet Explorer, of which the most severe impact can be execution of arbitrary code. All versions of IE from 5.01 to 8.0 are affected to varying degrees. Both servers and workstations should be updated. The update replaces MS10-002, and addresses the MS Advisory 981374 vulnerability. Time to patch! It is a cumulative update.

Here is a listing of the related vulnerabilities and CVE entries:
Uninitialized Memory Corruption Vulnerability - CVE-2010-0267   
Post Encoding Information Disclosure Vulnerability - CVE-2010-0488   
Race Condition Memory Corruption Vulnerability - CVE-2010-0489   
Uninitialized Memory Corruption Vulnerability - CVE-2010-0490   
HTML Object Memory Corruption Vulnerability - CVE-2010-0491   
HTML Object Memory Corruption Vulnerability - CVE-2010-0492   
HTML Element Cross-Domain Vulnerability - CVE-2010-0494   
Memory Corruption Vulnerability - CVE-2010-0805   
Uninitialized Memory Corruption Vulnerability - CVE-2010-0806   
HTML Rendering Memory Corruption Vulnerability - CVE-2010-0807

http://blogs.technet.com/msrc/archive/2010/03/30/security-bulletin-ms10-018-released.aspx

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Adrien de Beaupre

353 Posts
ISC Handler
I've noticed Microsoft has been releasing a few OOB updates lately, do you think they're finally realizing that you can't just patch your systems once a month?
sleaf

4 Posts
yesterday, i got a new form of ie thread lock exploit. this is what happened multiple times in 1 day. while browsing, i would get that popup that said internet explorer quit respond. instead of locking up and turning white, a 2nd popup came up instead saying that internet explorer was canceled out and restarted even though it was untrue. there are other new issues added to the old but in due time if your interested in the info
sleaf
1 Posts

Sign Up for Free or Log In to start participating in the conversation!