It looks like we have a working Internet Explorer 0-day today. The guys at http://www.xsec.org/ actually published an example yesterday, which was Exploit Wednesday. They clearly have a sense of humor, but that’s beside the point. Their initial example was only tested on Chinese XP SP2, and Internet Explorer 6.0 SP1, and although it managed to crash Internet Explorer in our tests, it was not able to execute code.
Tonight, however, it seems that reliably working attack code now exists. Fortunately, no proofs of concept have been made public, and so far, our monitors have not found any real live code in the wild, so all is still pretty safe.
It would be wise for us all to assume that exploiters around the world are probably trying to figure out the details right now, so everyone needs to be both vigilant and cautious. SocketShield has been updated to protect against the exploit as we currently understand it, and we’ll continue to update it as needed.