Hi folks,
It’s fairly well known (well, well-known if you’re a security geek) that CVE-2010-3962 is in the Wild, but over the last couple of days, we’ve begun detecting it in the Eleonore Exploit Kit.
This raises the stakes considerably, as it means that anyone can buy the kit for a few hundred bucks, and they have a working 0-day.
What this means to Microsoft is that they should consider issuing an out-of-band patch.
What this means to you, if you’re a non-geek, is that until Microsoft releases said patch, you should install something that’s pretty good at detecting and blocking web-based attacks. <Shameless self-promotion mode ON> Ahem…LinkScanner is free, and works with everyone’s antivirus, even if you’re not an AVG customer. <Shameless self-promotion mode OFF>
Seriously though, it _is_ in the Wild, and you do have to be careful.
Keep safe, folks,
Roger

Posted on 09 February 2011. Tags: 0day, Exploit, Heads, up...