Yep.that's right.
http://windowsitpro.com/msrc/microsoft-releases-temporary-fix-ie10-and-ie9-r emote-code-execution-vulnerability The IE10 vuln was reported to Microsoft by FireEye on the 13th and confirmed by Microsoft (and announced it also affects IE9) on the 18th. The Fix-It was released yesterday evening. Keep in mind the flaw is actually in Adobe's Flash scripting language. Coincidentally, Adobe released its 2nd zero-day update this month today. It's also a Flash vuln. http://windowsitpro.com/security/adobe-releases-second-critical-zero-day-fla sh-update-short-month From: [email protected] [mailto:[email protected]] On Behalf Of Marcum, John Sent: Thursday, February 20, 2014 4:54 PM To: SMS List ([email protected]) Subject: [mssms] MS and Adobe OOB Updates Am I reading this right???? Microsoft released an OOB warning but the only way to patch it is with a fix it? http://news.cnet.com/8301-1009_3-57619214-83/adobe-issues-emergency-patch-ag ain/ However, people who use those browsers must apply the fix manually with the FixIt shim tool <http://support.microsoft.com/kb/2934088> . A permanent fix for the exploit is expected in three weeks or so _____ John Marcum Lead Desktop Engineer Bradley Arant Boult Cummings LLP _____ _____ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.

