CVSSv2 Base Score = 9.3
Source: nvd.nist.gov | Generated: 2010-01-18 | Disagree?

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

2010/03/14 03:06:48 | More Anti-Virus Fail

from: Information Week

...Aurora" incidents. The vulnerability in those attacks was a flaw in Microsoft Windows Internet Explorer known as CVE-2010-0249. For its testing NSS Labs created variants of the Operation Aurora attack and tested the anti-malware software to see which of the...

2010/03/11 19:12:02 | BitDefender(R) Issues Protection against New Vulnerabilities in Internet Explorer(R) 6 and 7 BitDefender Now Protects Against Similar ..

from: PR-Inside.com

...svohost.exe (detected by BitDefender as Gen:Trojan.Heur.PT.cqW@aeUw@pbb). This approach is similar to the one described in CVE-2010-0249 : that has been used in targeted attacks against 34 major corporations : including Google and Adobe. Mitigating the risks ...

2010/03/02 17:53:40 | Google Attack Based on Unpatched IE Flaw

from: ComputerWorld

...aforementioned zero-day flaw, which can trigger an attack if you view a malicious Web page or poisoned banner ad. The MS10-002 update is rated critical for all supported versions of Internet Explorer, from IE 5 on Windows 2000 through IE 8 on Windows 7. Run...

2010/02/04 16:10:57 | Time for Internet Explorer Users to Update Browser

from: LiveScience.com

...protect the economy, government services, and the national security of the United States. “ Microsoft Security Bulletin MS10-002 was made available to all Windows users through the Windows Update feature. But patching the 8-1/2 year old program will not solve...

2010/02/04 06:08:59 | Fortinet January Threatscape Report rings in busy new year

from: AME Info

...share the same name as Sleeping Beauty; however, it's anything but calm and beautiful. Code-named "Aurora" (actual identifier: CVE-2010-0249), the zero-day Internet Explorer vulnerability came out in mid-January and quickly sky-rocketed to fourth spot for...

2010/02/03 17:57:58 | Millions of Explorer users must update browser

from: MSNBC

...protect the economy, government services, and the national security of the United States. Microsoft Security Bulletin MS10-002 was made available to all Windows users through the Windows Update feature. But patching the 8 1/2 year old program will not solve...

2010/02/02 21:46:49 | Google Pulls Support for Internet Explorer 6

from: RedmondMag.com

...of new technologies across their desktops requires more planning." On January 21, Microsoft released a security bulletin (MS10-002) to address eight vulnerabilities in Internet Explorer. The cumulative update included a fix for the remote code execution vulnerability...

2010/02/02 15:21:28 | Fortinet's January Threatscape Report Rings in Busy New Year, Highest Levels of Malicious Code Ever Detected

from: Freshnews.com

...the same name as Sleeping Beauty; however, it's anything but calm and beautiful. Code-named "Aurora" (actual identifier: CVE-2010-0249), the zero-day Internet Explorer vulnerability came out in mid-January and quickly sky-rocketed to fourth spot for malicious...

2010/01/26 10:11:48 | Clients urged to update to Internet Explorer 8

from: MaltaMedia

...the 21st of January, 2010, Microsoft released Security Bulletin MS10-002 out-of-band to address vulnerabilities in Internet Explorer. All customers using currently supported versions of Windows and Internet Explorer should apply this update as soon as possible. Once...

2010/01/25 16:17:47 | Microsoft's IE has still more flaws

from: Inquirer

...activists, but now it has not just one but several. These tip up just days after it issued an out-of-band patch for its ms10-002 security bulletin. As we mentioned last week, Microsoft had already been fully aware of the IE 6 flaw after Meron Sellen, a white-hat...

2010/01/22 15:17:02 | Microsoft releases emergency Internet Explorer patch

from: Irish Independent

...– fixes the security flaw that is thought to be related to recent hack attacks against Google and other organisations. The MS10-002 security update will patch the vulnerabilities in internet Explorer that pose a security risk, and will also fix other critical problems...

2010/01/22 15:27:39 | Microsoft patches IE vulnerability, but perhaps months later than it should have done

from: Guardian Unlimited

...expected, Microsoft shipped patch MS10-002 yesterday to fix the Internet Explorer vulnerability that may have affected Google, gave some journalists panic attacks, and almost brought the governments of France and Germany to their knees. The patch is important...

2010/01/22 18:12:10 | Emergency Internet Explorer patch available

from: NetworkWorld

...emergency Internet Explorer patch will be available for download from around 6pm UK time. The statement explains that "MS10-002 [is] a security update to address the limited attacks against customers of Internet Explorer 6, as well as fixes for vulnerabilities...

2010/01/22 16:46:06 | MS knew of Aurora exploit four months before Google attacks

from: The Register

Microsoft first knew of the bug used in the infamous Operation Aurora IE exploits as long ago as August, four months before the vulnerability was used in exploits against Google and other hi-tech firms in December, it has emerged. Redmond's security

2010/01/22 05:24:59 | Industry welcomes the Microsoft out-of-band patch for Internet Explorer

from: SC Magazine

...as possible. The patch, labelled MS10-002 fixes a total of eight vulnerabilities, including the zero-day that is identified as CVE-2010-0249. Jerry Bryant, security program manager for Microsoft Security Response Center, said: “This Internet Explorer security...

2010/01/22 15:44:59 | Microsoft knew about IE6 flaw for months

from: Inquirer

...coverage of the Chinese Google hack greatly expedited its early release. If you want to see the Vole's small print vote of acknowledgement to Meron Sellen for reporting the HTML Object Memory Corruption Vulnerability (CVE-2010-0249), have a look here. µ...

2010/01/21 16:00:00 | Emergency Microsoft Update Fixes IE Zero-day

from: NetworkWorld

...for all supported releases of Internet Explorer. The update will be distributed automatically via Windows Update. While MS10-002 is essential across-the-board, only IE 6 has so far suffered attacks against the invalid pointer reference flaw. Microsoft says...

2010/01/22 12:33:33 | Microsoft releases emergency Internet Explorer patch

from: The Telegraph

...fixes the security flaw that is thought to be related to recent hack attacks against Google and other organisations. The MS10-002 security update will patch the vulnerabilities in internet Explorer that pose a security risk, and will also fix other critical problems...

2010/01/22 10:17:50 | Microsoft patches critical Internet Explorer hole

from: Hexus

...which rival browsers - including Opera, Google's Chrome and Mozilla's Firefox - have all announced new reasons for users to switch. Microsoft's IE security update (MS10-002) is available via Windows Update for Internet Explorer versions 5.01, 6, 7, and 8....

2010/01/22 11:47:39 | Will switching from Internet Explorer make you safer?

from: ZDNet

...should install today’s Cumulative Security Update for Internet Explorer (described in KB978207 and Microsoft Security Bulletin MS10-002). This update should be delivered automatically via Windows Update or Windows Software Update Services. You should also...

2010/01/22 02:42:25 | Microsoft Security Bulletin MS10-002 - Critical

from: eTaiwan News

... This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Inte...

2010/01/21 17:09:24 | Microsoft patches Internet Explorer hole used in spying

from: SC Magazine

...planning to fix it, as part of cumulative IE update, when it released its scheduled patches in February. It rushed the patch (MS10-002) early once news broke of the attacks, believed to have originated in China. "Once applied, customers are protected against...

2010/01/21 22:24:16 | Critical out-of-band patch for Internet Explorer now available

from: Download Squad

...7, you should be safe . Moving quickly to plug the hole and prevent any future exploits, Microsoft has just released patch MS10-002 . I can't find a download link, but the security bulletin says if you have automatic updates turned on, your browser should...

2010/01/20 20:47:27 | Microsoft Security Bulletin MS10-002 Coming Thursday for IE Zero-Day

from: PC World

...for Microsoft, said "Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21, 2010. We are planning to release the update as close to 10:00 a.m. PST as possible." While the initial...

2010/01/21 20:34:04 | Emergency Microsoft Update Fixes IE Zero-day

from: PC World

Microsoft today released a rare patch outside of its normal monthly update cycle to fix an under-attack zero-day security hole in Internet Explorer. The high-profile attacks against Google, Adobe and other companies took advantage of the invalid

2010/01/21 20:30:07 | Microsoft Releases Critical Internet Explorer Patch

from: TechWeb

Microsoft on Thursday released an out-of-band patch, MS10-002, to address eight vulnerabilities in Internet Explorer, a move prompted by the revelation last week that a series of cyber attacks from China on Google and some 33 other companies relied on

2010/01/21 15:46:53 | Microsoft to issue emergency patch today for IE flaw

from: VNUNet.com

...emergency out-of band patch to fix the Internet Explorer zero day security vulnerability. The company said that the MS10-002 security update will address “the limited attacks against customers of Internet Explorer 6”, as well as fix vulnerabilities rated critical...

2010/01/21 14:53:17 | Microsoft set to release critical IE patch today

from: ZDNet

...running IE6, the fix also applies to IE7 and IE8. Here’s the official word, via a Microsoft spokesperson: “(W)e will be releasing MS10-002  (on) January 21, 2010. We are planning to release the update as close to 10:00 a.m. PST as possible. This is a standard...

2010/01/21 12:56:10 | Microsoft fixes IE6 flaw off schedule

from: Inquirer

MICROSOFT'S HAND has been forced to issue a critical out of band advanced notification security bulletin to deal with potential hack attacks on Internet Explorer (IE) 6. The out-of-band security advisory comes almost three weeks ahead of Microsoft's

2010/01/21 06:04:53 | Microsoft will release an out-of-band patch for the Internet Explorer zero-day vulnerability tonight

from: SC Magazine

...in Internet Explorer. Jerry Bryant, security program manager for Microsoft Security Response Center, said that the MS10-002 patch will be released today as close to 10am PST (6pm GMT) as possible. He said: “This is a standard cumulative update, accelerated...

2010/01/21 10:52:09 | 'Operation Aurora' Google China patches imminent

from: ComputerWorld

...the patch so quickly. The Internet will be a little bit safer once everyone rolls out the patch. We will be releasing MS10-002 ... January 21st ... 10:00 a.m. PST. ... Once applied, customers are protected against the known attacks that have been widely publicized....

2010/01/20 20:08:52 | Why Is Internet Explorer 6 Still Hanging Around?

from: TechNewsWorld

...technical reasons to a lack of understanding of the current security threat landscape. Microsoft will release the patch, MS10-002, on Thursday, Jerry Bryant, its senior security program manager, told TechNewsWorld. The vendor issued advance notification of...

2010/01/21 19:55:41 | Microsoft Patches IE Security Vulnerability Involved in Google Attack

from: eWeek

...serious of which can be exploited for remote code execution. The flaw at the center of the cyber-attack on Google is CVE-2010-0249.  According to new findings from Symantec, the fix comes as a new exploit targeting the vulnerability has begun to make the...

2010/01/21 20:34:24 | Microsoft knew of IE zero-day flaw since last September

from: ZDNet

...code execution attacks. The patches are included in the critical MS10-002 bulletin. The vulnerability used in the attacks (CVE-2010-0249) was private reported to Microsoft last August by Meron Sellen, a white-hat hacker at BugSec, an Israeli security research...

2010/01/19 15:19:48 | Zscaler Positioned in the Visionaries Quadrant of the Magic Quadrant for Secure Web Gateway

from: RedOrbit

...security and services provider. "In the light of zero-day vulnerabilities such as the one from Microsoft last week (CVE-2010-0249), Zscaler's ability to protect partners and customers without having to install patches on any devices truly reaffirms our choice." "We...

2010/01/19 11:57:21 | IE6 exposed as Google China malware unpicked

from: The Register

...China last month. It's now known that the attack took advantage of a zero-day vulnerability in Internet Explorer - CVE-2010-0249 - to drop malware onto compromised systems. After backdoor components (malicious Windows library files) are loaded, pwned systems...

2010/01/15 07:42:21 | Zscaler Deploys Protections for Internet Explorer Zero-Day Vulnerability

from: RedOrbit

...has globally deployed protections to combat a zero-day vulnerability in Microsoft Internet Explorer. The vulnerability (CVE-2010-0249) affects all currently supported versions of Internet Explorer and has been tied to recent high profile, targeted attacks. Numerous...