NEWS FROM THE LAB - Thursday, January 21, 2010

Microsoft Vulnerabilities Posted by Sean @ 14:33 GMT

Microsoft is releasing an out-of-band update for their IE vulnerability.

Internet Explorer 6 is affected and is being actively exploited in the wild.

The patch will be released on the 21st, today, see Microsoft's Security Bulletin for additional details.

Updated to add: Microsoft Security Bulletin MS10-002.

What version of Internet Explorer do you have installed? (Poll)

Poll results

Also in Microsoft news, Security Advisory (979682). There's a vulnerability in Windows kernel privilege escalation.

The vulnerability affects all versions of Windows (NT 3.51 up to Windows 7), on non x64-based systems, unless 16-bit application support is disabled.

There's a workaround for disabling 16-bit support provided in Microsoft's Security Advisory.

Disabling 16-bit applications will mitigate the issue. Then, you'll be all set.

Unless you happen to use a 16-bit, 420 byte tool, from 1998, to convert hex to dec…


Some people still use such apps in 2010, for real.