Dec 11 2008
Patch Tuesday – Fail
This week contained the proverbial MSFT patch Tuesday, this set of patches contained 8 advisories patching items from Internet Explorer, MS Office Components, Windows Explorer, etc.. So in all this was a pretty heavy Black Tuesday for MSFT.
The Fail
As MSFT was releasing their patches another group of people were releasing their own little bug. On Tuesday morning as the patches from MSFT were being released several online publications starting reporting a new IE 0day exploit in the wild. All the publicity started here at PC World and from there it just rolls down hill.
The flaw was made public in Chinese language discussion forums two days ago by a security group called the Knownsec team. In tests, it worked on IE 7 running on Windows XP, Service Pack 2.
Since the initial report out of PC World the news starts to spiral out of other media outlets. However nothingĀ good gets published until HD Moore does some really good analysis on the exploit over at the Breaking Point Security blog.
Defenses
- Start off by switching browsers to FireFox. You can get it here.
- Enable DEP on your system,
Until MSFT releases a patch for this I would recommend switching to another browser.
