MS10-018 Released Out Of Cycle

Microsoft has released the patch against the iepeers.dll zero-day vulnerability.  This vulnerability is being exploited in the wild, and offers remote code execution by simply viewing a specially crafted webpage.  The patch for this unfortunately, is bundled in with 9 other responsibly disclosed vulnerability fixes.  This delays testing and deployment of the one item that needs to be patched NOW, and I really wish Microsoft would stop doing that.

Anyway, get patching.  You should not wait around to get this one onto your systems.  Desktops are the focus, however the bundling makes ALL versions of IE and Windows vulnerable.  A reboot will be required.

Advertisements