Spyware Sucks

"There is no magic fairy dust protecting Macs" - Dai Zovi, security researcher and co-author of The Mac Hacker's Handbook.

"The Biblical wisdom “pride comes before a fall” needs to be foremost in the minds of security professionals. There are several aspects to this truth, but it starts with believing it is true. For one, the bad guys are always getting better and trying to get in. They are working harder than ever to defeat whatever you are doing to protect your enterprise. This knowledge alone will change your perspective on your job and when you are “done". What worked today may not work tomorrow. In this light, be careful about the promises you make to others regarding security and the protections you are deploying." - Dan Lohrmann

Information about the IE VML Vulnerability

Information about IE VML vulnerability posted at MS.

http://www.microsoft.com/technet/security/advisory/925568.mspx
http://support.microsoft.com/kb/925568

Jesper has also posted information about how to mitigate the threat as well:

http://msinfluentials.com/blogs/jesper/archive/2006/09/19/Block-VML-Zero_2D00_Day-Vuln-on-a-domain.aspx

Microsoft Security Response Centre blog:
http://blogs.technet.com/msrc/archive/2006/09/19/457560.aspx

Note that there will hopefully be an update released to address the vulnerability on or before 10 October 2006.

Published Wed, Sep 20 2006 7:44 by sandi

Comments

# re: Information about the IE VML Vulnerability

Saturday, September 23, 2006 1:27 AM by sandi

It is important to note that IE7 is immune to this vulnerability: http://msmvps.com/blogs/spywaresucks/archive/2006/09/23/137132.aspx