Hello, all! This is just a quick note that Microsoft has released a bulletin regarding a new 0-day in Internet Explorer versions 7 and 8. You can read all about it in their advisory at http://www.microsoft.com/technet/security/advisory/2488013.mspx as well as the reference for the CVE, 2010-3971. We have previously released coverage for this vulnerability in sids 18196 and 18240. Because we released coverage before Microsoft posted their bulletin or a CVE had been assigned, these rules do not have those references. We will release updated rules with the new references after the holidays.
In addition to the above CSS issue, two other 0-days have been making the rounds lately that I wanted to call attention to -- a vulnerable Active-X control that allows remote code execution that we defend against with sids 18241 and 18242 and a vulnerability in the Windows 7 IIS7.5 FTP server that we defend against with sid 18243. The FTP vulnerability does not require authentication and has the potential for remote code execution, so be sure to defend your servers and/or disable FTP if you're not using it. Neither of these vulnerabilities have in-depth bulletins written about them, just exploit code that is openly available online.