Two new critical MS vulnerabilities were released in early January. The IE flaw (a buffer overflow in the XML parser) is particularly nasty. This is a client-side bug which can be triggered by clicking a malicious link from anywhere, including emails...
This bug is rated "Extremely Critical"; the easiest workaround is to use Firefox for browsing until patched.
http://www.microsoft.com/technet/security/advisory/961051.mspx
http://secunia.com/advisories/33089/
The MS-SQL vulnerability, while it has potential, currently only allows privilege escalation and no remote code execution.
http://www.sec-consult.com/files/20081209_mssql-sp_replwritetovarbin_memwrite.txt
Sentinel IPS has signatures to protect against both.
Exploit Code Release for IE XML vuln:
http://www.milw0rm.com/exploits/7410
http://www.milw0rm.com/exploits/7477
http://www.milw0rm.com/exploits/7403
As always, patch, patch, patch!