Internet Explorer Cumulative Update Releasing Out-of-Band

Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing security update MS10-018 tomorrow, March 30, 2010, at approximately10:00 a.m. PDT (UTC-8). MS10-018 resolves Security Advisory 981374, addressing a publicly disclosed vulnerability in Internet Explorer 6 and Internet Explorer 7. Internet Explorer 8 is unaffected by the vulnerability addressed in the advisory and we continue to encourage all customers to upgrade to this version to benefit from the improved security protection it offers.


We recommend that customers install the update as soon as it is available. Once applied, customers are protected against the known attacks related to Security Advisory 981374. We have been monitoring this issue and have determined an out-of-band release is needed to protect customers. For customers using automatic updates, this update will automatically be applied once it is released.  Additionally, because Security Bulletin MS10-18 is a cumulative update, it will also address nine other vulnerabilities in Internet Explorer that were planned for release on April 13.


Please join us Tuesday, March 30 at 1:00 p.m. PST (UTC -8) for a public webcast where we will present information on the bulletin and take customer questions. Registration information:


Date: Tuesday March 30, 2010
Time: 1:00 p.m. PST (UTC -8)


More information about the upcoming security bulletin can be found Microsoft’s Advance Notification Service (ANS) webpage.


We have received several questions about this bulletin today. Basically, if Internet Explorer 6 and 7 are the only versions affected by the active attacks, why does the Advance Notification page state that Internet Explorer 8 and Windows 7 are affected? To clarify, the Security Advisory was released due to one vulnerability that is under active attack. That vulnerability only affects Internet Explorer 6 and 7. However, the bulletin, MS10-018, that we will release tomorrow, addresses 9 additional vulnerabilities. Some of those also affect Internet Explorer 8. All of the 9 additional vulnerabilities were responsibly disclosed and we are not aware of any active attacks against them.




Jerry Bryant
Group Manager – Response Communications


*This posting is provided “AS IS” with no warranties, and confers no rights*