funsec mailing list archives
Re: As Attacks Escalate, MS Readies Emergency IE Patch
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Wed, 17 Dec 2008 00:04:25 +0200 (EET)
Yes, they announced it via http://blogs.technet.com/msrc/archive/2008/12/16/advance-notification-for-december-2008-out-of-band-release.aspx Juha-Matti Paul Ferguson [fergdawgster () gmail com] kirjoitti:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via the ZDNet "Zero Day" Blog. [snip] Microsoft is planning to ship an emergency Internet Explorer update tomorrow (December 17) to counter an escalating wave of malware attacks targeting a zero-day browser vulnerability. The out-of-band update, which will be rated critical, follows the public discovery of password-stealing Trojans exploiting the bug on Chinese-language Web sites. Over the past week, the attacks have expanded with hackers using SQL injection techniques to seed exploits on legitimate Web sites. This will be the second out-of-band update from the MSRC (Microsoft Security Response Center) in the last two months. Back in October, the company shipped MS08-067 to plug an extremely critical worm hole that affected Windows 2000, Windows XP and Windows Server 2003. The IE patch will be available for all supported versions of the browser. According to this pre-patch advisory from Microsoft, the in-the-wild attacks have targeted IE 7 on Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Windows Vista (including SP1) and Windows Server 2008. [snip] More: http://blogs.zdnet.com/security/?p=2317 - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFJSApwq1pz9mNUZTMRApneAJ9STHREP6x7Y9ronUHcA3xU9u3KSACbBzda QtMHjR/LqU4FS3y7dy4/okE= =RoG2 -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- As Attacks Escalate, MS Readies Emergency IE Patch Paul Ferguson (Dec 16)
- <Possible follow-ups>
- Re: As Attacks Escalate, MS Readies Emergency IE Patch Juha-Matti Laurio (Dec 16)