Posted by: Dan O'Connor
There appears to be a release set for FridaySept 21st for CVE-2012-4969.
If you haven’t seen this, it is a pretty bad one. Here is some additional info;
The short version of what is going on is there is a vulnerability inside of all current versions of IE that is being exploited to install a trojan. From what I have been seeing so far all of the attacks I have seen use a swf file for delivery. Microsoft did a quick release of some mitigation techniques and it looks like we have a full patch set for Friday.