Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: InfoSec Handlers Diary Blog - Updates on IE vulnerability InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Updates on IE vulnerability

Published: 2006-03-27
Last Updated: 2006-03-27 14:14:29 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
Our reader Juha-Matti pointed that MS updated its blog with informations about the patch and some advices for users:
"I want to reiterate that the IE team has the update in process right now and if warranted we'll release that as soon as it's ready to protect customers (right now our testing plan has it ready in time for the April update release cycle).  But if you're concerned you may be impacted, now you can visit http://safety.live.com to scan your machine and remove current attacks using this vulnerability."

Altough they say that are seeing only limited attacks, we have some reports of more than 100 sites (Saturday data) exploring this vulnerability, to install bots, keyloggers...

Update:
Btw, just to be clear about the safety live com thing, it offers some protection, but it can only protect you in known malware with signatures...It is not protecting you against the IE vulnerability...

Update2:
The number of sites are now
over 200...

-------------------------------------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno //&&// isc. sans. org)
Keywords:
0 comment(s)
Diary Archives