Security Advisories

Revision Note: V1.2 (June 15, 2010): Revised Executive Summary to reflect awareness of limited, targeted active attacks that use published proof-of-concept exploit code. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued M10-042 to address this issue. For more information about this issue, including download links for an available security update, please review M10-042. The vulnerability addressed is the Help Center URL Validation Vulnerability - CVE-2010-1885.

Revision Note: V1.2 (June 9, 2010): Added information about MS10-035 and clarified a FAQ entry about the caching vector. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Revision Note: V2.0 (June 8, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-039 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-039. The vulnerability addressed is the Help.aspx XSS Vulnerability - CVE-2010-0817.

Revision Note: V1.5 (June 8, 2010): Updated the FAQ with information about six non-security updates enabling .NET Framework to opt in to Extended Protection for Authentication. Advisory Summary:Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

Revision Note: V1.0 (May 18, 2010): Advisory published. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-043. The vulnerability addressed is the Canonical Display Driver Integer Overflow Vulnerability - CVE-2009-3678.

Revision Note: V2.0 (April 13, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-020 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-020. The vulnerability addressed is the SMB Client Incomplete Response Vulnerability - CVE-2009-3676.

Revision Note: V2.0 (April 13, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-022 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-022. The vulnerability addressed is the VBScript Help Keypress Vulnerability - CVE-2010-0483.

Revision Note: V2.0 (March 30, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-018 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-018. The vulnerability addressed is the Uninitialized Memory Corruption Vulnerability - CVE-2010-0806.