NEWS FROM THE LAB - Wednesday, February 11, 2009

MS09-002/MS09-004, Consistent Exploit Code Likely Posted by Sean @ 12:23 GMT

Two of yesterday's Microsoft Updates have Exploitability Index Assessments of 1 — Consistent exploit code likely.

First there's MS09-002 which addresses two vulnerabilities in Internet Explorer 7.


And then there is MS09-004 which patches a vulnerability in Microsoft SQL Server.

You can see from the bulletin that exploit code has already been published for the SQL vulnerability.


The Internet Explorer 7 vulnerability allows for Remote Code Execution on Windows XP SP2/3 and Windows Vista. Considering the installed base, and the high Exploitability assessment, expect to see exploits in-the-wild very soon.

Our Vulnerability Description for IE7 provides links to each of the individual updates should you need to manually update.