
SANS ISC: * Microsoft Out Of Band Patch Release - SANS Internet Storm Center SANS ISC InfoSec Forums

* Microsoft Out Of Band Patch Release

Microsoft released the out-of-band security bulletin and patch it announced yesterday. MS10-002 is a cumulative patch for Internet Explorer. It fixes a total of 8 vulnerabilities. The "famous" vulnerability that triggered the release, CVE-2010-0249, is currently being exploited. According to the bulletin, none of the other vulnerabilities are currently being exploited, and all were disclosed to Microsoft directly without any prior public disclosure.

Given the number of ever-improving exploits against CVE-2010-0249, and the publicly known use of these exploits, we recommend that you patch as soon as possible.


140 Posts
Jan 21st 2010
Note that a security update for Silverlight was released on Tuesday, January 19th. No bulletin, but claims "This update includes functional, performance, reliability, and security improvements."
We rolled this out to our Citrix environment last night and our sys admins are saying it is causing major issues with XenApp. No solid confirmation, but I would advise anyone relying on Citrix XenApp to test carefully!

17 Posts
