Today, just 7 days after the discovery of a critical zero-day exploit in Microsoft's popular Internet Explorer (see Microsoft Security Advisory 961051), Microsoft has released its analysis and a public patch via various Windows Update services.
We at NSS Labs has been following this closely, as live exploits have been circulating and growing rapidly, reaching more than 10,000 infected sites (TrendMicro). There are different implementations, including java script and ActiveX that exploit the XML parser in IE versions 5.01 through IE8 beta 2. See the official description and analysis from Microsoft MS08-078 for a complete list of affected versions and systems. And on the more interesting side, HD Moore at BreakingPoint Systems describes his analysis.
skip to main |
skip to sidebar
Security Product Testing
This blog contains perspectives and commentary on network, host and security product testing & certification, industry trends, and PCI compliance from NSS Labs experts.
Topics
- Testing (40)
- anti-malware (18)
- nsslabs (18)
- Security (14)
- Exploit (13)
- IPS (13)
- Products (13)
- events (11)
- PCI Compliance (10)
- Browser (9)
- Methodologies (8)
- vulnerability (4)
- Misc (3)
- News (3)
- Performance (2)
- Phishing (2)
- firewall (1)
Posts
