Now you too can mount your own Operation Aurora Attacks!!!

Filed Under: SophosLabs

But don't.  Please don't!...      just....       don't!...

Instead, why don't you apply the out-of-band patch ( MS10-002 ) that Microsoft has just released...?!!!

Patching remote-code-execution vulnerabilities is usually "a good idea" to say the least.  But, considering that:

Microsoft rushed to get this patch out...... ( Thank you Microsoft! )

And that, this patch addresses several Internet Explorer vulnerabilities - of which includes CVE-2010-0249 - the infamous "Aurora attacks" related vulnerability that's well known to be making the rounds in the wild.

Annnnd that, the Metasploit framework has released an update that can generate attacks based on this..... Which means that every script-kiddy / pentester / disgruntled-monkey-with-a-laptop can mount their own little mini operation Aurora-like attacks.

windows/browser/ie_aurora

Annnnnnd that, Microsoft has posted an advisory about an unpatched elevation of privilege attack that affects most Windows NT platforms ( from Windows NT 3.1 to, and including, Windows 7 ) - which there is proof-of-concept code now publicly available for.....

One, probably ought to apply this patch as soon as possible.

For more information on the recent Microsoft Security Update or Advisory, see the latest SophosLabs vulnerability analysis here.

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s