Thought this was interesting… SANS’s Internet Storm Center (ISC) recently raised its Threat Level to Yellow due to an IE vulnerability described in Microsoft Security Advisory 2887505 and CVE-2013-3893 that affects most mainstream versions. In general, the Threat Level doesn’t deviate that much from Green so when it does it is definitely something take note of. The last two times occurred on March 16, 2012 (MS12020 Windows RDP Vulnerability) and September 28, 2010 (MS10070).
via ISC Diary
The Internet Storm Center is beginning to see increased evidence of exploits in the wild regarding Microsoft Security Advisory 2887505. Accordingly, we’re moving the InfoCon up to Yellow.
Per the advisory:
Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, CVE-2013-3893 Fix It Workaround, prevents the exploitation of this issue. This FixIt solution also includes EMET 4.0 guidance. Certainly consider use of EMET 4.0 where you can. Please note, the Fix It seems to only help 32-bit versions of browsers. That said the vulnerability affects all versions of Internet Explorer except in instances of Windows Server 2008 and 2012 Core installations.
Today’s post pic is from SANS.edu. See ya!