ISC is reporting that they’re seeing exploits of MS09-002 in the wild. MS09-002 is an exploit which allows for remote code execution on IE7. The vulnerability was first reported to MS in October of 2007 by the Zero Day Initiative. Microsoft issued the patch a week ago. Given this, ISC is also claiming that it is likely that the patch was reverse engineered to find the vulnerability, and I would have to agree. I’m sure the anti-disclosure crowd will be using this one as proof positive for their position in the future.

Tags: disclosure, IE7, Microsoft, patch

This entry was posted on Tuesday, February 17th, 2009 at 1:42 pm and is filed under news. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.