By Thomas Claburn
January 21, 2010
Microsoft on Thursday released an out-of-band patch, MS10-002, to
address eight vulnerabilities in Internet Explorer, a move prompted by
the revelation last week that a series of cyber attacks from China on
Google and some 33 other companies relied on a flaw in Microsoft's
The eight vulnerabilities are rated "critical" in most cases and have an
Exploitability Index rating of 1, meaning that exploit code is likely.
In fact, proof-of-concept exploit code has already been reported and
malicious exploit code is circulating online.
Microsoft is urging customers to install this update as soon as
possible. The vulnerabilities affect Internet Explorer versions 5-8 and
Windows 2000, XP, Vista, 7, Server 2003, and Server 2008. The company
maintains that it has only seen limited and targeted attacks against
Internet Explorer 6. But other security companies see broader risk
affecting users of Internet Explorer 7 and 8.
Symantec on Wednesday said that it had detected a new exploit that
attempts to leverage one of Internet Explorer's current vulnerabilities.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News