Microsoft released a cumulative security update which resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. So patch now!

The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights as reported earlier today.

This security update is rated critical for all supported releases of Internet Explorer:
Internet Explorer 5.01
Internet Explorer 6 SP1
Internet Explorer 6 on Windows clients
Internet Explorer 7
Internet Explorer 8 on Windows clients.
For Internet Explorer 6 on Windows servers, this update is rated Important. And for Internet Explorer 8 on Windows servers, this update is rated Moderate.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer verifies the origin of scripts and handles objects in memory, content using encoding strings, and long URL.

This should be common sense and not require a whole research paper but Beyond Trust released a study stating that Windows 7 is safer when using it as a standard user.

I am looking forward to the South Florida OWASP meeting and hanging out with the local InfoSec people tomorrow Wednesday March 31, 2010 at 6pm at Nova Southeastern University Carl DeSantis Building Room 1124.

Today I turned in the final revisions and edits to my first book coming out in the end of April: Microsoft Windows 7 Administrator’s Reference! If you are a Windows power user or system administrator or want to be one this is the book for you!