Just in case you haven’t seen this yet, Microsoft is getting reports of a publicly exploited vulnerability in Internet Explorer. It affects all IE versions on all OSes (except, surprisingly, IE 5.01 SP4). More information can be found here:
Microsoft released this right after a monthly patch cycle. There might be a chance that a patch for this exploit gets released as part of an out of band release. We’ll keep everyone posted.
This security advisory got modified yesterday (1/20/2010). Microsoft is planning to release patch content for this vulnerability today (1/21/2010), so we’re planning to release fixlets for MS10-002 today as well. We’ll ping bes admin announcements and the forums when we start releasing the content later on today.
I just checked with the Fixlet team… The full team is mobilized and working… We have already built the Fixlets and now we are working on testing all the different variants…
We absolutely understand that this is a critical patch and we are going to get it out as soon as possible and we are also very focused on making sure we don’t sacrifice any accuracy by trying to get it out because most people are going to deploy this patch very quickly… As it stands right now, it looks like we are a few hours away from finishing our testing…
We will send an update when the Fixlets are released.
Yes, thank you for the prompt response (I know it isn’t trivial). We plan on installing on test workstations and servers tonight, testing tomorrow and deploying tomorrow evening.
Thanks for all the heads up. I didn’t mean to imply you guys weren’t doing a great job or working as fast as you could. I just wanted to share the info. Keep up the great work.
Latest ETA is in the next 2 hours… (I am going to get in trouble for posting this info on the forum but I thought it would help you guys with your planning… please don’t hold it against me if we are a bit late due to an unforeseen complication…)
English Fixlets were released just a bit ago… They are working on the non-English Fixlets…
Your BigFix Servers should gather the new Fixlets within the hour, but you can hit Tools > Manage Sites > Gather All Sites to manually trigger the gather.
OK… I just deployed to all my home deployment computers and they seemed to work well… I am curious if anyone wants to post when they finish their deployment and how it went…
Update: Our tests had strange results on WinVista - Win7. The action properties stated “Post-Action - No operations will occur after the action completes.”
But on the test machines, both popped up a “Windows Update” message box that stated “Restart your computer to finish installing important updates”.
The action script from the BigFix fixlet used the correct parameters.
Perhaps this was always the case, and if so, how would one prevent it from happening? Any ideas?
I saw that on my computer as well… It seems that the patch itself was triggering the behavior even though the patch was run with the command line options to explicitly ignore the restart…
I think this is a behavior of the OS to notify the user on restarts if an update is pending and I believe it is directly related to Windows Update running in the background (which is annoying because the patch is not delivered by Windows Update and there doesn’t appear to be an obvious way to control the restart settings)… But I did find that this type of option is disableable in general with a reg value: