Thursday, January 21, 2010

Risk of IE 0-day vulnerability - Don't Panic

IE Vulnerability: Going Out of Band

Roger Halbheer and Microsoft would like to make sure everybody has noticed that Microsoft has just released Security Advisory 979352 – Going Out of Band. Extract from his post:

Quoting the blog:

Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6.


Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment, Microsoft will release a security update out-of-band for this vulnerability.

Symantec explains, "there's a hole in Internet Explorer which a cybercriminal can take advantage of by creating a malicious threat that targets anyone who is using the vulnerable browser and is not protected".

Linked to the attacks on Google, although those were of a more targeted nature than consumers will ever experience, cybercriminals have created a new Trojan that exploits the vulnerability. This has led the French and German governments, and especially the Australian Government, to advise against using Internet Explorer.

Please follow these recommendations:

1) Deploy the Security Update as soon as it is out
2) Upgrade to Internet Explorer 8 as soon as possible

