NEWS FROM THE LAB - Monday, December 15, 2008

Extremely Dangerous Internet Explorer Security Hole - Beware! Posted by Sean @ 18:21 GMT

Updated to add: Microsoft has announced that they will be releasing out-of-band updates for this on December 17th.

Zero-day exploits are actively targeting an unpatched Internet Explorer vulnerability.

Microsoft recently expanded their Security Advisory 961051 to include all versions of Internet Explorer. The vulnerability was originally thought to only affect IE7.

As you can see, it's now a very long list of related software:

Microsoft Security Advisory 961051

There are a number of (perhaps cumbersome) workarounds that may provide some mitigation:

Microsoft Security Advisory 961051

More bad news, SQL Injection attacks are being used to hack legitimate websites in order to host exploits, turning trusted sites into malicious exploit hosts.

You can read additional details at Security Fix and eWeek.com.


Someone in the eWeek advertising department is trying to tell you something.

…and a tip of the hat goes to Camillo for providing the subject line to this post.