<p>Last week, everybody and their brother wrote about the new 0-day exploit for Windows that allows remote code execution when web browsing. Now there’s an IM worm going around to exploit it.</p>
<p>At this point, Microsoft <i>still</i> hasn’t released a patch for it. There’s a <a href="http://isc.sans.org/diary.php?storyid=999">third-party</a> patch available which reportedly is sufficient.</p>
<p>If you don’t have an IDS running, you’re in trouble. If you do have an IDS running, the rule to detect it is very CPU intensive.</p>
<p>If you haven’t de-registered the WMF DLL, you’re in trouble. If you have de-registered the DLL, word is there are other vectors to exploit the same problem.</p>
<p>If you’re not running the latest version of Outlook, you’re in trouble. If you are running the latest version of Outlook, you can still get infected if you fall for a phishing attack.</p>
<p>If you’re still running Internet Explorer - well, you’re not so worried about this <a href="http://getfirefox.com">security</a> stuff anyway.</p>