What’s the opposite of FUD? Unbridled optimism? Rosy colored glasses syndrome? Sheesh. This @ryanaraine posted this on Twitter this morning: Microsoft to issue out-of-cycle patch for the ‘unknown exploit’. This features such choice quotes as:
It’s the kind of development that could give “zero-day” a whole new meaning: a wave of alleged Internet Explorer exploits, the total number of experimentally validated cases of which apparently numbers zero.
What in the Wide Wide World of Sports is “experimentally validated cases?” Did I miss something here? Is this some kind of new InfoSec standard that I was previously unaware of? How much verification do you want? Take your pick: ISC, Trend Micro, F-Secure, ZDNet, or the Washington Post. What else does he want, have the hole paint itself purple and dance naked on the table in front of him singing “zero day exploits are here again?”
This IS being actively exploited. I have a list of sites that are being used to host exploits sitting in my INBOX right now. If you use IE, you need to patch ASAP or switch you web browser over to something else. To suggest this may not be “actually valid” is irresponsbile and is undermining the efforts of security people across the Internet.
Twitter
LinkedIn
Facebook
Flickr
FriendFeed