Microsoft has announced that today (21-01-2010) at approximately 6pm (UK time), it will release an emergency out-of-band patch to fix the Internet Explorer zero-day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies. The vulnerability affects Internet Explorer 6, 7 and 8, which make up the bulk of the versions used today. However, the only in-the-wild exploit code for this vulnerability detected thus far is confirmed to affect just Internet Explorer 6.
Keep an eye on the Microsoft Security Site for more information.
Also check out the Microsoft Advisory on this matter (979352).
Here is the patch: MS10-002
Earlier on this month we had yet another Adobe Reader zero day. It's really becoming a common theme this year, and who knows when it's going to end.
I think Adobe make some good products, but they just seem to be having some issues with secure coding or something. Perhaps the tools are not being used the way they were intended, I don't know, so why not do something about it?
I am by no means a PDF expert so I am not really the best person to comment, but I know a man who is. Didier Stevens is the master, just check out his blog.
Didier will be speaking to us on the first episode of the eurotrash security podcast.