Out-of-Band Patch Coming for IE Vulnerability
GSA Reference Number: AD081216-01
Simply Put: Microsoft will be releasing an out-of-band patch today, December 17, to address the critical Internet Explorer vulnerability currently being exploited by malicious websites. The patch affects Internet Explorer 6 and 7 and is rated critical by Microsoft. Since this exploit allows remote code execution, Gladiator recommends applying the patch as soon as possible.
Details: The Advanced Microsoft Security Bulletin has detailed information on the patch. The vulnerability is currently being exploited to install a Trojan on affected machines. Legitimate websites are being modified by attackers to house the exploit, so the number of exposed systems is growing.
Recommendations: Gladiator recommends that institutions prepare to roll out this patch as soon as possible. Test the patch on a select number of workstations before deploying institution-wide; however, do not wait more than a day or so before final deployment.
Related Links:
- Advanced Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=5497)
- Shadowserver.org compromised site details (http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210)