Security Update – Microsoft issues emergency patch for IE in Aurora attack and short update on other issues

Friday, January 22, 2010

Today (1/21/2010) Microsoft issued an emergency patch for IE – that should plug the hole used in the Aurora attack. It should roll out to pretty much everyone within 24 hours.

If you’re running automatic update, you should be patched – but here’s the skinny: Microsoft Security Bulletin MS10-002-Critical

At this point, the real-world attacks have only occurred under IE 6, but the flaw exists in all unpatched versions of Internet Explorer. Please see my previous entry: The Aurora attack – can you be safe from cyberattack in your business for more information.

Additionally, we’re seeing continued traffic from China that is spam-bot and probing attacks against civilian business. These attacks are mostly aimed at web sites currently. Blocking code seems to be holding at this point, I will soon post an article on how to do that.

As usual, keep up the basics. In a future article I will go over some thoughts about where to focus on next.

-David Lyle
Thunderpaw