Print

Welcome to Smokey's Security Forums.

Guests have only limited access to the board and it's features, please consider registering to gain full access!

Registration is free and it only takes a few moments to complete.

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Gilbert]

Advisory 979352 Update for Monday January 18
19 January 2010, 2:55 am

For today’s update we want to share some insight on the current threat landscape for Security Advisory 979352, some new resources we have published and the current status on producing a security update.

As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6.

We have not seen successful attacks on Internet Explorer 8. We continue to recommend customers upgrade to Internet Explorer 8 to benefit from the improved security protection it offers.

Additionally at this time, we have not seen any successful attacks against Internet Explorer 7. However, earlier today, we were made aware of reports that researchers have developed Proof-of-Concept (PoC) code that exploits this vulnerability on Internet Explorer 7 on Windows XP and Windows Vista. We are actively investigating, but cannot confirm, these claims.

Today we also published a guidance page, including an online video, for home users who may be confused, or concerned, about this security vulnerability and want to know what they should do to protect themselves from the known attacks. This page is located here.

         More listening and viewing options:          

Windows Media Video (WMV)             Windows Media Audio (WMA)             iPod Video (MP4)             MP3 Audio             High Quality WMV (2.5 Mbps)             Zune Video (WMV)                           Jonathan Ness from our Security Research & Defense team has also provided a video explaining Data Execution Prevention (DEP). While this technology offers a key mitigation against known attacks, how it works is somewhat complicated, so this video is to help people unfamiliar with DEP, better understand it.

         More listening and viewing options:          

Windows Media Video (WMV)             Windows Media Audio (WMA)             iPod Video (MP4)             MP3 Audio             High Quality WMV (2.5 Mbps)             Zune Video (WMV)                           Customers have been asking us when we will have an update available for this issue and if we will release the update out-of-band. We want to let customers know that we will release this security update as soon as the appropriate amount of testing has been completed. While we cannot yet give a date of when that will be we will keep customers update.

We will continue to monitor the threat landscape, and we will provide daily updates as things develop.

Thanks!

Jerry Bryant

*This posting is provided "AS IS" with no warranties, and confers no rights



Source: The Microsoft Security Response Center (MSRC)

>> To obtain the full Microsoft Security Center - MSRC article, click the link in the first post line <<