microsoftsecuritylogo

Three security related advisories were updated by Microsoft on 04 January 2010:

Microsoft Security Advisory (973811): Extended Protection for Authentication – Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).

Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Execution – Microsoft is investigating new, public reports of targeted attacks attempting to exploit a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and mitigations for this issue.

Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution – Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.