For those of you who are not already aware, CCIP would like to bring
your attention the the Critical Microsoft Security Bulletin MS09-002
that was released on February 10:
Microsoft have announced a vulnerability in Internet Explorer 7 that
could allow remote code execution if a user views a specially crafted
Web page. Administrators are advised to patch immediately. Microsoft
have rated as Critical for Window XP and Windows Vista and as Moderate
for Windows Server 2003 and Windows Server 2008.
CCIP is releasing this alert as it has been made aware of active
exploitation of this vulnerability in the wild. Due to the recent
impact of the Conficker worm CCIP wants to ensure that there is
awareness of the active exploitation of MS09-002 and to encourage the
patching of systems if they have not already been patched.
AusCERT have a write up on their website:
There is also a write up on the Sourcefire Vulnerability Research Team’s
The CCIP Team
Centre for Critical Infrastructure Protection
Government Communications Security Bureau
P: +64 4 498 7654
F: +64 4 498 7655
This e-mail contains official New Zealand Government information, which
is intended for the use of addressees only. If you have received this
e-mail in error, please notify the sender immediately and delete.
You should not further disseminate, distribute or copy this e-mail in