Friday, January 22, 2010

The Cloud is Attacking You

Collected from US-CERT and other sources:

Microsoft has released out-of-band Security Bulletin MS10-002
( to resolve seven privately reported vulnerabilities and one publicly disclosed vulnerability. This update includes resolution for a recently, reported zero-day vulnerability in Internet Explorer (IE) which is detailed in Microsoft Security Advisory 979352. (

This vulnerability may have been used in the recent attacks on Google and other organizations. Knowledge of this attack is now widely known and the broader criminal community is now leveraging this exploit.

Organizations should review Microsoft Security Bulletin MS10-002 and apply the patches as soon as possible. US-CERT recommends that the patches be tested within your organization enterprise first and then deployed in an expedited manor. In addition to patching, the recommendations below may be leveraged to better position your organization to withstand future serious vulnerabilities.

Enable Data Execution Prevention (DEP) both in software and hardware if supported (see Microsoft KB 912923). This may provide future vulnerability resiliency. (

Be proactive by defining internal servers that should generally be trusted that can be placed in Internet Explorer’s "Trusted Sites" list. By doing so, this may ease the impact to your organization should a future reactive measure be required to set the "Internet Zone" to a "High" security setting. (See Microsoft KB 174360 --