IE升级补丁已经发布，请Win7用户尽快安装

Win7之家（ www.win7china.com）：IE升级补丁已经发布，请Win7用户尽快安装

一早醒来，发现Windows Update里面已经有包含IE 0day漏洞的IE集成补丁了，话不多说，赶紧截图并来之家通知大家赶紧下载升级。写完本文后，小编也要自己去升级了。

本次的IE补丁是Internet Explorer的累计补丁，总共修复了8个漏洞，其中包括导致Google在内的多家公司被攻击的哪个0day漏洞。

本次安全更新涉及IE5/6/7/8四个版本，问题的严重性包括可以允许远程执行代码，安装该更新后可以消除一系列来自IE浏览器的漏洞，并可以减少受攻击的风险，微软建议客户尽快部署防范已知攻击的安全更新。与此同时，趋势科技和赛门铁克公司周四表示，他们已找到新的恶意软件样本，利用IE漏洞进行攻击。

这些IE漏洞会影响XP、Vista、Win7、Win2008等各个系统的安全性，大家务必赶紧升级一下。

查看微软官方详细补丁信息：Microsoft Security Bulletin MS10-002 - Critical

软媒顺便附上相关英文资讯：

IE 0-Day Patch Available Today
As close to 10:00 a.m. PST as possible

Following the public reports of an unpatched zero-day vulnerability being actively exploited in limited and targeted attacks, Microsoft has moved extremely fast to produce a patch rendering the exploits useless. The security hole the Redmond company will plug today, January 21st, 2010, was used as one of the vectors in the now infamous attacks against Google and a roster of US-based companies, originating from China. MS10-002, as the label implies, is the second security bulletin that Microsoft will release in 2010, and it will impact all supported versions of Internet Explorer.

“We are planning to release the update as close to 10:00 a.m. PST as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities,” revealed Jerry Bryant, senior security program manager, Microsoft.

MS10-002 is what Microsoft refers to as an out-of-band security update, because it does not follow the schedule of the company’s monthly patch cycle. As noted by Bryant, MS10-002 was initially planned for availability in the second Tuesday of February 2010. Microsoft Security Bulletin Advance Notification for January 2010, published on January 20, offers insight on the patch package which the Redmond company will start serving to Internet Explorer users later today.

To this day, Microsoft has only identified limited and targeted attacks against Internet Explorer 6. However, the vulnerability affects all supported versions of Internet Explorer, including IE7 and IE8 running on Windows XP, Windows Vista and IE8 on Windows 7. The Redmond company considers the security vulnerability Critical, especially since attacks have already proven that successful exploits allow attackers to perform remote code execution.

“Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released,” Bryant added.