Microsoft updated its Security Advisory for the recently discovered zero-day vulnerability in the way Internet Explorer handles XML. As it seems, not only Internet Explorer 7 contains the security hole, but also IE5, IE6 and IE8 Beta. The range of affected operating systems starts with Windows 2000 SP4 and goes up to Windows Server 2008; also the 64-bit versions – x86 as well as itanium-based architectures – are vulnerable.

So far we didn’t see exploits for the other browser and operating system versions, only those our antivirus products already detect seem to be more widely distributed. But we closely monitor the underground for new exploits.

Update December 12, 2008, 13:00h MET: H. D. Moore published a module for his exploit-framework Metasploit which produces exploits that work on Windows XP SP2 and Vista, no matter if DEP is enabled for the Internet Explorer or not. Using a different browser like Firefox, Chrome or Opera – maybe even Safari – is the only proper mitigation for that problem currently. Microsoft suggest to block access to oledb32.dll via ACL and to set the security level for the internet zone to high, but that might not be enough – like the suggested activiation of DEP.

Dirk Knop
Technical Editor