0 Replies Latest reply on Feb 18, 2009 12:58 PM by HarryWaldron

    MS09-002 IE Exploit in the wild

      Several security sites are highlighting MS09-002 exploits in the wild. while this is an attack on Internet Explorer security, this malware attack is embedded in a malicious Word document to potentially trick individuals. It is anticipated that other forms of attack on unpatched systems will continue to surface as this bulletin has a high exploitability rating.

      MS09-002 IE Exploit in the wild
      http://isc.sans.org/diary.html?storyid=5884
      http://blog.trendmicro.com/another-exploit-targets-ie7-bug/
      http://blogs.pcmag.com/securitywatch/2009/02/malware_targets_recentlypatche.php
      http://www.avertlabs.com/research/blog/index.php/2008/12/17/ie-7-exploit-reloade d-the-new-face-of-drive-by-attacks-using-doc-files/
      http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatche d-drive-by-exploit-found-on-the-web/

      QUOTE: Several AV vendors reported about MS09-002 exploits in the wild. We can confirm this – the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working as charm on an unpatched Windows XP machine.

      Initially there was some confusion about this attack as most AV vendors mentioned Word documents. The exploit targets Internet Explorer 7, but so far it has been delivered to the end user as a Word document. That being said; there is absolutely nothing preventing attackers from using the exploit in a drive-by attack (and we can, unfortunately, expect that this will happen very soon).

      PATCH NOW -- PLEASE ENSURE YOU HAVE APPLIED MS09-002 SECURITY PATCH
      http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx