On January 14, 2010 , the Metasploit Exploitation Framework added an Exploit for the Bug that would allow an Attacker to gain Control of the System. Availability of this Exploit will increase the chance of In-The-Wild Exploitation of this Issue.

Re-Producing the "Aurora" I.E. Exploit:

http://blog.metasploit.com/2010/01/reproducing-aurora-ie-exploit.html.

Internet Explorer C.V.E.-2010-0249 Remote Code Execution Vulnerability:

http://www.securityfocus.com/bid/37815.

[edit: Fixed posting error.]

Just the other day, news of an exploit used to target a 0-day vulnerability in Internet Explorer (BID 37815) was announced.  According to Microsoft, the vulnerability affects Internet Explorer 6, 7, and 8 which make up a bulk of the versions used today.  Reports, however, have confirmed only Internet Explorer 6 has been targeted so far and the exploit has only been seen in targeted attacks.

You can read the rest of this Blog here: Protect yourself against Exploit targeting new I.E. 0-Day Vulnerability.

Microsoft has announced that they will be Releasing an Out-Of-Band Patch to address this issue. The Release Date for the Patch will be announced tomorrow (Wednesday, January 20, 2010).

Security Advisory 979352 - Going Out-Of-Band: http://blogs.technet.com/msrc/archive/2010/01/19/security-advisory-979352-going-out-of-band.aspx.

Hi Floating_Red,

Thanks for the ALL the information on this subject.I got my PATCHES today,once again a BIG THANKS for keeping us up to date with this issue.

Stoneheart

Hi, stoneheart,

Thank-You for your kind response.  Glad I could be of such service to the Norton Community up-to-date with this issue, and other issues as well.  Once again, thank-you for your Reply in letting me know that the information I provided has been of use to you.