http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222400136 By Thomas Claburn InformationWeek January 21, 2010 Microsoft on Thursday released an out-of-band patch, MS10-002, to address eight vulnerabilities in Internet Explorer, a move prompted by the revelation last week that a series of cyber attacks from China on Google and some 33 other companies relied on a flaw in Microsoft's browser. The eight vulnerabilities are rated "critical" in most cases and have an Exploitability Index rating of 1, meaning that exploit code is likely. In fact, proof-of-concept exploit code has already been reported and malicious exploit code is circulating online. Microsoft is urging customers to install this update as soon as possible. The vulnerabilities affect Internet Explorer versions 5-8 and Windows 2000, XP, Vista, 7, Server 2003, and Server 2008. The company maintains that it has only seen limited and targeted attacks against Internet Explorer 6. But other security companies see broader risk affecting users of Internet Explorer 7 and 8. Symantec on Wednesday said that it had detected a new exploit that attempts to leverage one of Internet Explorer's current vulnerabilities. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Fri Jan 22 2010 - 02:03:16 PST
This archive was generated by hypermail 2.2.0 : Fri Jan 22 2010 - 02:10:10 PST