Hey Readers, just wanted to give you a couple of site updates for research.eeye.com, and most notably the zero-day tracker. We'll start with the good news...
Good News: eEye Research has added another vulnerability to its upcoming advisories page. The vulnerability is locally-exploitable on Windows which will allow for arbitrary code to be executed with greater than SYSTEM-level privileges.
Good News: eEye Research has published its Patch Disclosure Analysis for the month of December. You'll find good insight into what was released this month from Redmond, as well as some extra mitigation that wasn't found in the bulletins.
Good News: The eEye Research blog now accepts anonymous comment without needing a typepad account. Feel free to post any comments you have to the blog or to [email protected] directly.
BAD NEWS: eEye Research has added another zero-day vulnerability for Microsoft Word today from a recent proof of concept posted by Disco Jonny. Because there is no public information regarding the previous two zero-day vulnerabilities (covered here and here), this vulnerability is presumed to be a separate vulnerability altogether. Therefore, this vulnerability represents the third active zero-day affecting Microsoft Word at this very instant.
As usual, feel free to direct any questions regarding research.eeye.com or the eEye Research Team in general to [email protected].