Computer Security Research - McAfee Labs Blog

Patch Released for Recent Microsoft Zero Day (CVE-2010-0249)

Thursday January 21, 2010 at 12:14 pm CST
Posted by Craig Schmugar

Microsoft has released Security Bulletin MS10-002, regarding Internet Explorer vulnerabilities. In addition to patching the flaw exposed by Operation Aurora, the company released patches for seven other vulnerabilities.

We are aware of reports of private CVE-2010-0249 exploits impacting Internet Explorer 7 and 8 (though these are mitigated with ASLR and DEP). Historically, the odds of private exploits being made public rise dramatically after a patch is released.

In my last post, I mentioned many detections were occurring on systems residing in China. The number of detections today in the United States are closing that gap.

This is not a patch to put on the back burner.

This entry was posted on Thursday, January 21st, 2010 at 12:14 and is filed under Security Bulletins, Un-Patched Vulnerabilities, Web and Internet Safety, Zero-Day. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Patch Released for Recent Microsoft Zero Day (CVE-2010-0249)”

Gunilla Brolin Says:
January 21st, 2010 at 18:41
How do I run the patch to remedy the Operation Aurora? My laptop has already been infected, and now I am desperate to protect my desktop.
Jill French Says:
January 23rd, 2010 at 11:59
Is McAfee planning on releasing a HIPS signature? We rely on HIPS in our environment to protect against unpatched systems. We’re currently deploying this out-of-band patch, but would like to have the added protection of HIPS as well. Or can you confirm that the buffer overflow protection from HIPS will protect against all exploits from this vulnerability?

Patch Released for Recent Microsoft Zero Day (CVE-2010-0249)

2 Responses to “Patch Released for Recent Microsoft Zero Day (CVE-2010-0249)”

Leave a Reply

Archives

Categories