Microsoft Internet Explorer Zero Day Security Advisory 979352

(imported topic written by liuhoting91)

Hi folks-

Just in case you haven’t seen this yet, Microsoft is getting reports of a publicly exploited vulnerability in Internet Explorer. It affects all IE versions on all OSes (except surprisingly IE 5.01 SP4). More information can be found here:

Microsoft released this right after a monthly patch cycle. There might be a chance that a patch for this exploit gets released as part of an out of band release. We’ll keep everyone posted.

(imported comment written by liuhoting91)

An update:

This security advisory got modified yesterday (1/20/2010). Microsoft is planning to release patch content for this vulnerability today (1/21/2010), so we’re planning to release fixlets for MS10-002 today as well. We’ll ping bes admin announcements and the forums when we start releasing the content later on today.

(imported comment written by nkirkland91)

any timeframe on release for this?

(imported comment written by SystemAdmin)

Just got notice from McAfee that the patch has been released. The notice is here:

Looking forward to the fixlet :slight_smile:

(imported comment written by BenKus)

Hey folks,

I just checked with the Fixlet team… The full team is mobilized and working… We have already built the Fixlets and now we are working on testing all the different variants…

We absolutely understand that this is a critical patch and we are going to get it out as soon as possible and we are also very focused on making sure we don’t sacrifice any accuracy by trying to get it out because most people are going to deploy this patch very quickly… As it stands right now, it looks like we are a few hours away from finishing our testing…

We will send an update when the Fixlets are released.


(imported comment written by rmnetops91)

The link posted by jspanitz was working, but now it’s down.

(imported comment written by ktm_200091)

Ben Thanks in advance for the great turn around. My CIO wants this out within 24hrs!!!

(imported comment written by BarryWallis91)

Yes, thank you for the prompt response (I know it isn’t trivial). We plan on installing on test workstations and servers tonight, testing tomorrow and deploying tomorrow evening.

(imported comment written by SystemAdmin)

Ben / BigFix

Thanks for all the heads up. I didn’t mean to imply you guys weren’t doing a great job or working as fast as you could. I just wanted to share the info. Keep up the great work.


(imported comment written by BenKus)

Latest ETA is was in the next 2 hours… (I am going to get in trouble for posting this info on the forum but I thought it would help you guys with your planning… please don’t hold it against me if we are a bit late due to an unforeseen complication…)


(imported comment written by fermin91)

how do i initiate a pull from the Bigfix server to show the fixlet?

(imported comment written by BenKus)

English Fixlets were released just a bit ago… They are working on the non-English Fixlets…

Your BigFix Servers should gather the new Fixlets within the hour, but you can hit Tools > Manage Sites > Gather All Sites to manually trigger the gather.


(imported comment written by BenKus)

OK… I just deployed to all my home deployment computers and they seemed to work well… I am curious if anyone wants to post when they finish their deployment and how it went…


(imported comment written by SystemAdmin)

We patched to our test group last night and all looks good. If testing goes well today, we will push the rest starting this weekend.

Great job on the turnaround.

(imported comment written by BarryWallis91)

Same here. We were able to patch all test workstations and servers. If testing goes as anticipated, we will roll out the patch starting tonight.

Thanks again for your quick response.

(imported comment written by SystemAdmin)

Update: Our tests had strange results on WinVista - Win7. The action properties stated “Post-Action - No operations will occur after the action completes.”

But on the test machines, both popped up a “Windows Update” messgae box that stated “Restart your computer to finish installing important updates”.

The action script from the BigFix fixlet used the correct parameters.

Perhaps this was always the case and if so how would one prevent it from happening. Any ideas?

(imported comment written by BenKus)

I saw that on my computer as well… It seems that the patch itself was triggering the behavior even though the patch was run with the command line options to explicitly ignore the restart…

I think this is a behavior of the OS to notify the user on restarts if an update is pending and I believe it is directly related to Windows Update running in the background (which is annoying because the patch is not delivered by Windows Update and there doesn’t appear to be an obvious way to control the restart settings)… But I did find that this type of option is disableable in general with a reg value:

regset “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU” “NoAutoRebootWithLoggedOnUsers”=dword:00000001

Alternately, it might be useful to disable Windows Update on these systems…