The IE saga continues, out-of-cycle patch coming soon
No, there still isn't a patch, but there will be one before the regular Microsoft patch day in February. The MSRC has posted a note on their blog saying the timing will be announced tomorrow. In the meantime, we are hearing that the folks at VUPEN have found a way to bypass DEP as long as javascript is enabled (no, this doesn't appear to be the .NET ones from last year) which would make even IE8 vulnerable, we don't have the details at present, but if true this is a major development. This is a concern since Microsoft's advice is for those using IE6 and IE7 to move to IE8 where DEP is on by default. In any event, we continue to monitor the situation.
---------------
Jim Clausing, jclausing --at-- isc [dot] sans (dot) org
Keywords: CVE20100249 IE
0 comment(s)
My next class:
LINUX Incident Response and Threat Hunting | Online | Japan Standard Time | Oct 21st - Oct 26th 2024 |
×
Diary Archives
Comments