Hi everyone,

Today we released Security Advisory 980088
to address a publicly disclosed vulnerability in Internet Explorer that
may allow Information Disclosure for customers running on Windows XP or
who have disabled Internet Explorer Protected Mode.  At this time we
are not aware of any attacks seeking to use the vulnerability.

running Internet Explorer 7 or Internet Explorer 8 in their default
configuration on Windows Vista or later operating systems are not
vulnerable to this issue as they benefit from Internet Explorer
Protected Mode, which protects from this issue. Windows XP users, or
users who have disabled Protected Mode, can help protect themselves by
implementing Network Protocol Lockdown. We have created a Microsoft Fix It  to automate this. The Fix It can be run on individual systems or enterprises can deploy it through their automated systems. 

are working to produce an update for this vulnerability and when that
is complete, we will take appropriate action to protect customers,
which may include releasing an update out-of-band.   As with any
update, we have to balance overall quality and ensure application
compatibility before we release it.

Microsoft is also working with our Microsoft Active Protections Program (MAPP) 
partners to help provide broader protections for customers. Together
with our partners, we will continue to monitor the threat landscape and
will take action against any web sites that seek to exploit this

We continue to encourage customers to upgrade to Internet Explorer 8
to benefit from the increased protections provided in the newer
version. In addition, customers should continue to follow our “Protect
Your Computer” guidance at http://www.microsoft.com/protect.


Jerry Bryant
Sr. Security Communications Manager – Lead

*This posting is provided “AS IS” with no warranties, and confers no rights.*