-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2014-021 Title: Microsoft Security Advisory [1] Version history: 21.02.2014 Initial publication Summary ======= Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 10. Only Internet Explorer 9 and Internet Explorer 10 are affected by this vulnerability. Other supported versions of Internet Explorer are not affected. Applying the Microsoft Fix it solution, "MSHTML Shim Workaround," prevents the exploitation of this issue. CVE numbers: CVE-2014-0322 CVSS v2 Base Score:9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) [2] Vulnerable systems ================== Windows Vista Service Pack 2 Internet Explorer 9 Windows Vista x64 Edition Service Pack 2 Internet Explorer 9 Windows Server 2008 for 32-bit Systems Service Pack 2 Internet Explorer 9 Windows Server 2008 for x64-based Systems Service Pack 2 Internet Explorer 9 Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 9 Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 9 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 9 Windows 7 for 32-bit Systems Service Pack 1 Internet Explorer 10 Windows 7 for x64-based Systems Service Pack 1 Internet Explorer 10 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Internet Explorer 10 Windows 8 for 32-bit Systems Internet Explorer 10 Windows 8 for x64-based Systems Internet Explorer 10 Windows Server 2012 Internet Explorer 10 Windows RT Internet Explorer 10 What can you do? ================ Apply Fix following the original workaround:[1] What to tell your users? ======================== N/A More information ================ [1] http://technet.microsoft.com/en-us/security/advisory/2934088 [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0322 Best regards, CERT-EU Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJTBzxZAAoJEPpzpNLI8SVoKYkP/1N2YUhmghIEu2WETc4QkIE8 X5g2slaSvRw3W22sv/Jf1m3a1TCwN/nU16B2g+TZQP8tWi3KRWe1APnyt3bsJ6O+ vfjfRnNyEp6bPYUPplVLg+rcSSYP5JC57RkuBSwzw/T5ojZtMXDaOnn5v7H8V/hU /yX8C0/9rFxLAbxfjweqgaGobBHLUGs78Fs2qk/40wDWdbsmfxK21ktlxrZ3wF1X TH5it5DkDS3xsK5LQig1qIQNJMHEQVqozkG2E+JWIEE+SP59G/9OxaZgInaROWJt ERyahRgsFzAd44E3wxGyysaVYTOA8J9EFSE2v647BxX6NZPUiCUiKWw2JSh1FBW2 43yrhPiAlBz0C4UWk0vV0lv2jbZAX9+kS/NFcQzDeZAQaavEwOXTejFPvANhedkc bAdEB3bInox9GoMr469w5ZSNmqlsBRZCRIrsnOEsVtT03eiQ8rbV4doiv6q6Ttrc ZMXCvy5j9+arovKvDV099Mj6tq93k0R6BRNj44hT9OgFHA+dC42aW6udWq5NMobc gb4gkzmhyvAH0bukEJR4VBagYrpTDO/1UN6Lcz1+9PVrPdW6/HmLyjdyEfZMCjRZ 8V/aC3ijDfPwIgDZHPmuKpSOS7hmzZllPydStiH5q6/kga+c0sqNNOiLnKHRRtoK 7m4AAF6yOQxAPcHqM+a4 =Ukny -----END PGP SIGNATURE-----