Re: MSIE 6/7/8 unpatched vulnerability confirmed

[Juha-Matti Laurio <juha-matti.laurio () netti fi>]

So many references but so little time..

http://www.vupen.com/english/threats/

"While the public exploit only targets Internet Explorer 6 without DEP (Data Execution Prevention), VUPEN Security has 
confirmed reliable code execution with Internet Explorer 8 and permanent DEP enabled.
Enabling DEP will only protect your systems from public exploits, however, disabling JavaScript is the only way to 
prevent DEP bypass attacks."

And

http://blogs.technet.com/msrc/archive/2010/01/20/advance-notification-for-out-of-band-bulletin-release.aspx

"Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 
tomorrow, January 21st, 2010.
We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible.
This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer 
with an aggregate severity rating of Critical.
It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as 
several other vulnerabilities."

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.