This is an important one folks.
“Who or what software does this impact?”
You can see the full list HERE under the “Affected Software” section. But in a nutshell, it’s every OS from Windows 2000 onward running Windows Internet Explorer 6 and later. Yes, it includes Internet Explorer 8.
“What’s the exploit?”
A maliciously crafted website could allow an attacker to gain access to a computer with the same security rights as the logged-on user.
“Is there any good news in this?”
I guess if there were any good news, it would be that there have not (as of this writing) been any exploits of IE 7 or IE 8, but the proof of concept is real and valid.
This also doesn’t impact “Core” installations of Windows Server 2008 or Windows Server 2008 R2.
“Where can I get the update?”
The update (which, by the way, is a “cumulative update”) will be available at or around 10:00AM Pacific time, and a new Security Advisory will be published as well. In the meantime, you can reference Security Advisory 979352.
When the new advisory and the update are available, I will post links to them here.
Here is the security bulletin – http://www.microsoft.com/technet/security/Bulletin/MS10-002.mspx
And the updated security advisory is live here – http://www.microsoft.com/technet/security/advisory/979352.mspx
Here’s what the MSRC has to say about it.
And finally, here is the “Regular IT Guy” perspective.