Symantec Security Threatcon Status for 2010-03-22

The ThreatCon is at level 2. Microsoft has released a knowledge base article (KB 981374) announcing a new and unpatched vulnerability affecting Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, Internet Explorer 6, and Internet Explorer 7. Microsoft reports that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected by this issue. This vulnerability is being exploited in targeted attacks in the wild.

Microsoft Security Advisory (981374)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/981374.mspx

We are tracking this vulnerability with the following vulnerability database entry.

Microsoft Internet Explorer CVE-2010-0806 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/38615

Additionally, Microsoft has released the scheduled updates for March 2010. This month's update covers multiple vulnerabilities in Microsoft Excel and one in Moviemaker. Two Security Bulletins have been released to address these issues. Customers are advised to install these updates as soon as possible.

Microsoft Security Bulletin Summary for March 2010
http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx