Wednesday, December 17, 2008

Internet Explorer XML 0-day and MS-SQL vulnerabilities

Two new critical MS vulnerabilities released in early January; the IE flaw (a buffer overflow in the XML parser) is particularly nasty. This is a client-side bug which can be triggered by clicking a malicious link from anywhere, including emails...

This bug is rated "Extremely Critical"; the easiest workaround is to use Firefox for browsing until patched.

The MS-SQL flaw, while it has potential, currently only allows privilege escalation and no remote code execution.

Sentinel IPS has signatures to protect against both.

Exploit Code Release for IE XML vuln:

As always, patch, patch, patch!
