Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog - * Microsoft Out Of Band Patch Release InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

* Microsoft Out Of Band Patch Release

Published: 2010-01-21
Last Updated: 2010-01-21 20:21:55 UTC
by Chris Carboni (Version: 1)
2 comment(s)

Microsoft released the out of band security bulletin and patch it announced yesterday. MS10-002 is a cumulative patch for Internet Explorer. It fixes a total of 8 vulnerabilities. The "famous" vulnerability that triggered the release, CVE-2010-0249, is currently being exploited. According to the bulletin, none of the other vulnerabilities are currently being exploited and all had been disclosed to Microsoft directly without any prior public disclosure.

Given the number of ever improving exploits against CVE-2010-0249, and the publicly known use of these exploits, we recommend that you patch as soon as possible.

2 comment(s)
Diary Archives