01-15-2010 01:04 AM - edited 01-15-2010 01:06 AM
Microsoft has Released a Security Advisory and Mitigation for a New Un-Patched Vulnerability affecting Internet Explorer. The Vulnerability stems from an Invalid Pointer Reference within Internet Explorer. Attackers could Exploit the issue Remotely to Execute Arbitrary Code with the Privileges of the User that is Running the Vulnerable Browser.
Microsoft Security Advisory (979352):
Vulnerability in Internet Explorer Could Allow Remote Code Execution:
Security Advisory 979352 Released:
Solved! Go to Solution.
01-16-2010 04:48 AM - last edited on 01-21-2010 04:24 PM by shannons
On January 14, 2010 , the Metasploit Exploitation Framework added an Exploit for the Bug that would allow an Attacker to gain Control of the System. Availability of this Exploit will increase the chance of In-The-Wild Exploitation of this Issue.
Re-Producing the "Aurora" I.E. Exploit:
Internet Explorer C.V.E.-2010-0249 Remote Code Execution Vulnerability:
[edit: Fixed posting error.]
01-16-2010 10:57 AM - edited 01-16-2010 11:05 AM
An I.D.S. Signature has just been Released for this Vulnerability; please Run Norton LiveUpdate to get this Signature. (20100116.002; 20100116.001)
01-17-2010 04:03 AM
Just the other day, news of an exploit used to target a 0-day vulnerability in Internet Explorer (BID 37815) was announced. According to Microsoft, the vulnerability affects Internet Explorer 6, 7, and 8 which make up a bulk of the versions used today. Reports, however, have confirmed only Internet Explorer 6 has been targeted so far and the exploit has only been seen in targeted attacks.
You can read the rest of this Blog here: Protect yourself against Exploit targeting new I.E. 0-Day Vulnerability.
01-20-2010 12:39 AM
Microsoft has announced that they will be Releasing an Out-Of-Band Patch to address this issue. The Release Date for the Patch will be announced tomorrow (Wednesday, January 20, 2010).
Security Advisory 979352 - Going Out-Of-Band: http://blogs.technet.com/msrc/archive/2010/01/19/s
01-21-2010 11:39 AM - edited 01-21-2010 11:45 AM
Microsoft has released Patches to address eight Vulnerabilities affecting Internet Explorer on Thursday, January 21, 2010. One of these issues is being Exploited in-the-Wild in Targeted Attacks. Customers are strongly advised to install the Patches as soon as possible.
Microsoft Security Bulletin M.S.10-002 - Critical:
Cumulative Security Update for Internet Explorer (978207):
01-22-2010 04:54 AM
Thanks for the ALL the information on this subject.I got my PATCHES today,once again a BIG THANKS for keeping us up to date with this issue.
01-22-2010 01:45 PM
Thank-You for your kind response. Glad I could be of such service to the Norton Community up-to-date with this issue, and other issues as well. Once again, thank-you for your Reply in letting me know that the information I provided has been of use to you.