Security Advisory: MS09-002 exploit in the wild
February 20, 2009 | POSTED BY BRETT EDGAR IN ADVISORIES
Microsoft recently released a patch for security issue MS09-002
which is a vulnerability in Internet Explorer 7 that allows remote code execution. There is now an exploit in the wild for this vulnerability. The current version of this exploit steals personal data and exfiltrates it to a remote site. I would expect that RBN and BotNet infection vectors would also appear in short order.
If you are one of our NSM customers, please be assured that our NSM processes will be looking for this exploit code and we will be alerting you as necessary; however, this is a new exploit and is likely to change quickly as different malicious entities obtain the exploit code and change it to fit their nefarious needs. As such, it will be difficult to detect all versions of the exploit for several days.
I want to encourage you to ensure that all workstations on your corporate network are patched against this vulnerability, if at all possible. This occasion is an excellent reminder that it is always a good idea to update workstations (not servers) within one or two days of Microsoft's Patch Tuesday security releases.
If you have no method of pushing patches to machines, I would encourage you to send an e-mail to your users reminding them to refrain from visiting non-business-related websites as much as possible to reduce the risk of infection by this (and other) exploits.
The patch for MS09-002 is available via Windows Update
and/or Windows Software Update Services (WSUS) if your organization distributes patches internally.