Last week Adrian Stone and I conducted a webcast to cover the Internet Explorer out-of-band security bulletin release. We only spent a short period of timing on the presentation and then spent the rest of the time answering customer questions which you can read here.
There were some interesting questions and hopefully those who attended came away with a better understanding about how to better protect themselves from emerging threats. One resource we referred customers to several times is a new blog post by the Microsoft Malware Protection Center (MMPC) where they chart attacks against CVE2010-0806 by local:
To be clear, this data comes from attempted exploits of the vulnerability against customers who are protected by Microsoft security products such as Microsoft Security Essentials and Microsoft Forefront Client Security, etc. In these cases, the exploit failed because mitigating signatures are in place (see article for details). One of the questions we got in the webcast was:
“If my malware protection is updated and covers this vulnerability, am I covered throughout the normal update cycle?”
This would only be true for known exploits and not the vulnerability itself. Once we find a new exploit, the MMPC can develop and deploy a signature for it. Applying the update addresses the vulnerability itself and is why we recommend that as the priority in addition to upgrading to the latest version of Internet Explorer (IE8) if you have not done so already.
|More listening and viewing options:|
Our next regularly scheduled bulletin release is Tuesday April 13, so that means we will be conducting another public webcast on April 14. We invite you to attend that webcast and bring any questions you have regarding the April release and we will try to answer them all live on the air. Here is the registration information:
Date: Wednesday April 14
Time: 11:00 a.m. PDT (UTC –8)
Group Manager, Response Communications
Follow us on Twitter: @MSFTSecResponse
*This posting is provided "AS IS" with no warranties, and confers no rights*