Microsoft published the following security bulletin updates:

- MS09-014 - Critical: Cumulative Security Update for Internet Explorer (963027) - Version:1.4
- Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution



MS09-014 - Critical: Cumulative Security Update for Internet Explorer (963027) - Version:1.4

Severity Rating: Critical - Revision Note: V1.4 (July 21, 2010): Corrected the value of the dword associated with enabling the defense-in-depth protection in the section, Frequently Asked Questions (FAQ) Related to This Security Update. Users who previously enabled the defense-in-depth protection against the blended threat issue should verify their environment is using the correct dword value.

Summary: This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Read more

Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution

Revision Note: V1.2 (July 20, 2010): Clarified the vulnerability exploit description and updated the workarounds.

Summary: Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as well as workarounds and mitigations for this issue.

Read more