Skip to main content
MSRC

Advisory 979352 Update for Monday January 18

For today’s update we want to share some insight on the current threat landscape for Security Advisory 979352, some new resources we have published and the current status on producing a security update.

As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6.

We have not seen successful attacks on Internet Explorer 8. We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers. **

Additionally at this time, we have not seen any successful attacks against Internet Explorer 7. However, earlier today, we were made aware of reports that researchers have developed Proof-of-Concept (PoC) code that exploits this vulnerability on Internet Explorer 7 on Windows XP and Windows Vista. We are actively investigating, but cannot confirm, these claims.

Today we also published a guidance page, including an online video, for home users who may be confused, or concerned, about this security vulnerability and want to know what they should do to protect themselves from the known attacks. This page is located here.

Get Microsoft Silverlight More listening and viewing options: - Windows Media Video (WMV) - Windows Media Audio (WMA) - iPod Video (MP4) - MP3 Audio - High Quality WMV (2.5 Mbps) - Zune Video (WMV)

Jonathan Ness from our Security Research & Defense team has also provided a video explaining Data Execution Prevention (DEP). While this technology offers a key mitigation against known attacks, how it works is somewhat complicated, so this video is to help people unfamiliar with DEP, better understand it.

Get Microsoft Silverlight More listening and viewing options: - Windows Media Video (WMV) - Windows Media Audio (WMA) - iPod Video (MP4) - MP3 Audio - High Quality WMV (2.5 Mbps) - Zune Video (WMV)

Customers have been asking us when we will have an update available for this issue and if we will release the update out-of-band. We want to let customers know that we will release this security update as soon as the appropriate amount of testing has been completed. While we cannot yet give a date of when that will be we will keep customers updated.

We will continue to monitor the threat landscape, and we will provide daily updates as things develop.

Thanks!

Jerry Bryant

*This posting is provided “AS IS” with no warranties, and confers no rights


How satisfied are you with the MSRC Blog?

Rating

Feedback * (required)

Your detailed feedback helps us improve your experience. Please enter between 10 and 2,000 characters.

Thank you for your feedback!

We'll review your input and work on improving the site.