Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: The IE saga continues, out-of-cycle patch coming soon - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
The IE saga continues, out-of-cycle patch coming soon

 No, there still isn't a patch, but there will be one before the regular Microsoft patch day in February.  The MSRC has posted a note on their blog saying the timing will be announced tomorrow.  In the meantime, we are hearing that the folks at VUPEN have found a way to bypass DEP as long as javascript is enabled (no, this doesn't appear to be the .NET ones from last year) which would make even IE8 vulnerable, we don't have the details at present, but if true this is a major development.  This is a concern since Microsoft's advice is for those using IE6 and IE7 to move to IE8 where DEP is on by default.  In any event, we continue to monitor the situation.

Jim Clausing, jclausing --at-- isc [dot] sans (dot) org

I will be teaching next: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - SANS DFIR Summit & Training 2022


423 Posts
ISC Handler
Jan 19th 2010

Sign Up for Free or Log In to start participating in the conversation!