MICROSOFT made public information about the exploit code for the vulnerability used in recent attacks against IE 6 users earlier this week. Anytime soon, expect the release of an out-of-band security update.
"We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability," George Stathakopoulos, General Manager of Trustworthy Computing Security at Microsoft said in his blog post.
"Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6. We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers. We also recommend customers consider deploying the workarounds and mitigations provided in Security Advisory 979352," he explained.
Stathakopoulos further said that, "given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability."
Microsoft plans to release the specific timing of the "out-of-band" security update today, January 20. So far, the update that has been installed was for Microsoft Silverlight (KB979202) which includes functional, performance, reliability and security improvements.
Update 1/21/2001 8:00 AM, MNL time:
Microsoft announced through advance notification that they will be releasing MS10-002 tomorrow, January 21st, 2010 (January 22 in the Philippines).
"We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released," Jerry Bryant, Security Program Manager of Microsoft's PSS Security Team, said.
Update 1/22/2010: Out of Band Security Update released! Dowload now.