Yes, they announced it via http://blogs.technet.com/msrc/archive/2008/12/16/advance-notification-for-december-2008-out-of-band-release.aspx
Juha-Matti Paul Ferguson [[email protected]] kirjoitti: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Via the ZDNet "Zero Day" Blog. > > [snip] > > Microsoft is planning to ship an emergency Internet Explorer update > tomorrow (December 17) to counter an escalating wave of malware attacks > targeting a zero-day browser vulnerability. > > The out-of-band update, which will be rated critical, follows the public > discovery of password-stealing Trojans exploiting the bug on > Chinese-language Web sites. Over the past week, the attacks have expanded > with hackers using SQL injection techniques to seed exploits on legitimate > Web sites. > > This will be the second out-of-band update from the MSRC (Microsoft > Security Response Center) in the last two months. Back in October, the > company shipped MS08-067 to plug an extremely critical worm hole that > affected Windows 2000, Windows XP and Windows Server 2003. > > The IE patch will be available for all supported versions of the browser. > According to this pre-patch advisory from Microsoft, the in-the-wild > attacks have targeted IE 7 on Windows XP SP2 and SP3, Windows Server 2003 > SP1 and SP2, Windows Vista (including SP1) and Windows Server 2008. > > [snip] > > More: > http://blogs.zdnet.com/security/?p=2317 > > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > > wj8DBQFJSApwq1pz9mNUZTMRApneAJ9STHREP6x7Y9ronUHcA3xU9u3KSACbBzda > QtMHjR/LqU4FS3y7dy4/okE= > =RoG2 > -----END PGP SIGNATURE----- > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawgster(at)gmail.com > ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
