This is a follow-up to two earlier articles in this newsletter about Microsoft's latest security problems with Internet Explorer versions 6, 7, and 8:
Microsoft has taken the unusual step of issuing advance notification of the out-of-cycle patch to be released later today (January 21) in security bulletin MS10-002, which includes a link to the patch itself. To install the update once it's been posted, visit the Microsoft Update site, choose the Custom option, and select the patch in the list of high-priority updates. As I write these words, the patch is not yet available but is expected to be released later today.
Security analysts and Microsoft agree that the attacks have a high social-engineering component: the attack is serious and occurs when a targeted victim clicks on a link on a web site or in an email message or when he or she clicks on an infected attachment (commonly an Adobe PDF or Flash file) delivered in e-mail, instant messages, or other electronic communication appearing to come from a trusted source.
In short, there is no method of determining in advance that the problem exists and, once you click on the link, it is too late (if you use Internet Explorer). Your PC will be compromised. You are advised to not use Internet Explorer, at least until after today's security patch is installed. To install the update once it's been posted, visit the Microsoft Update site, choose the Custom option, and select the patch in the list of high-priority updates.
Other web browsers, including Firefox, Chrome, Opera, Safari, and others, do not have the problem.
