(29th March 2010)
Microsoft has announced that it will release an emergency out of band
security bulletin, MS10‑018, on Tuesday 30th March to address
vulnerabilities in Internet Explorer versions 6 and 7. Microsoft has
taken the unusual step of releasing the emergency bulletin in response
to publicly disclosed a vulnerability in the iepeers.dll library and
deciding that "an out‑of‑band release is needed to protect customers".
The disclosed vulnerability does not impact Internet Explorer 8. The
bulletin will also contain fixes for nine other vulnerabilities which
Microsoft had originally planned to release on 13 April.
[Editor's Note (Cole): While patching is essential, this story
reinforces the fact that patching is ineffective without solid
configuration management with end point security, consisting of a
behavioral HIPS solution with complementary white listing.]