Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Updates on IE vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Updates on IE vulnerability
Our reader Juha-Matti pointed that MS updated its blog with informations about the patch and some advices for users:
"I want to reiterate that the IE team has the update in process right now and if warranted we'll release that as soon as it's ready to protect customers (right now our testing plan has it ready in time for the April update release cycle).  But if you're concerned you may be impacted, now you can visit http://safety.live.com to scan your machine and remove current attacks using this vulnerability."

Altough they say that are seeing only limited attacks, we have some reports of more than 100 sites (Saturday data) exploring this vulnerability, to install bots, keyloggers...

Update:
Btw, just to be clear about the safety live com thing, it offers some protection, but it can only protect you in known malware with signatures...It is not protecting you against the IE vulnerability...

Update2:
The number of sites are now
over 200...

-------------------------------------------------------------------------------------------
Handler on Duty: Pedro Bueno ( pbueno //&&// isc. sans. org)
Pedro

155 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!