Good Afternoon, For those of you who are not already aware, CCIP would like to bring your attention the the Critical Microsoft Security Bulletin MS09-002 that was released on February 10: http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx Microsoft have announced a vulnerability in Internet Explorer 7 that could allow remote code execution if a user views a specially crafted Web page. Administrators are advised to patch immediately. Microsoft have rated as Critical for Window XP and Windows Vista and as Moderate for Windows Server 2003 and Windows Server 2008. CCIP is releasing this alert as it has been made aware of active exploitation of this vulnerability in the wild. Due to the recent impact of the Conficker worm CCIP wants to ensure that there is awareness of the active exploitation of MS09-002 and to encourage the patching of systems if they have not already been patched. AusCERT have a write up on their website: http://www.auscert.org.au/render.html?it=10477 There is also a write up on the Sourcefire Vulnerability Research Team’s blog: http://vrt-sourcefire.blogspot.com/2009/02/ms09-002-in-wild.html Regards, The CCIP Team -- Centre for Critical Infrastructure Protection Government Communications Security Bureau P: +64 4 498 7654 F: +64 4 498 7655 E: info(a)ccip.govt.nz I: www.ccip.govt.nz --- This e-mail contains official New Zealand Government information, which is intended for the use of addressees only. If you have received this e-mail in error, please notify the sender immediately and delete. You should not further disseminate, distribute or copy this e-mail in any way. ---