Wednesday, January 20, 2010 4:12 PM
cmosby
Microsoft Announces Out-of-Band Security Bulletin for the IE Vulnerability – SANS Internet Storm Center
Microsoft posted "an advance notification of one out-of-band security bulletin that Microsoft is intending to release on January 21, 2010. The bulletin will be for Internet Explorer to address limited attacks against customers of Internet Explorer 6, as well as fixes for vulnerabilities rated Critical that are not currently under active attack."
For details, see:
http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx
Update:
Microsoft also posted a comprehensive overview of the exploits that target this vulnerability. See:
http://blogs.technet.com/srd/archive/2010/01/20/reports-of-dep-being-bypassed.aspx
-- Lenny
Lenny Zeltser - Security Consulting