So many references but so little time.. http://www.vupen.com/english/threats/
"While the public exploit only targets Internet Explorer 6 without DEP (Data Execution Prevention), VUPEN Security has confirmed reliable code execution with Internet Explorer 8 and permanent DEP enabled. Enabling DEP will only protect your systems from public exploits, however, disabling JavaScript is the only way to prevent DEP bypass attacks." And http://blogs.technet.com/msrc/archive/2010/01/20/advance-notification-for-out-of-band-bulletin-release.aspx "Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities." Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
