<<<
Wednesday, February 11, 2009
>>>
 
MS09-002/MS09-004, Consistent Exploit Code Likely Posted by Sean @ 12:23 GMT

Two of yesterday's Microsoft Updates have Exploitability Index Assessments of 1 — Consistent exploit code likely.

First there's MS09-002 which addresses two vulnerabilities in Internet Explorer 7.

MS09-002

And then there is MS09-004 which patches a vulnerability in Microsoft SQL Server.

You can see from the bulletin that exploit code has already been published for the SQL vulnerability.

MS09-004

The Internet Explorer 7 vulnerability allows for Remote Code Execution on Windows XP SP2/3 and Windows Vista. Considering the installed base, and the high Exploitability assessment, expect to see exploits in-the-wild very soon.

Our Vulnerability Description for IE7 provides links to each of the individual updates should you need to manually update.






<<< Safer Internet Day 2009
|
SQL Injection >>>