Microsoft Malware Protection Center has been tracking a recent 0-day vulnerability (Exploit:Win32/CVE-2010-3962) for Internet Explorer. As public exploit code became available and attackers began integrating the code into their toolkits. The attack patterns for this vulnerability have been somewhat unusual.
“One explanation might be that the attackers didn’t achieve the success rate that they had hoped. Because, when you combine Windows 7, Vista and Server 20008 with IE8 and above, DEP/ASLR technologies are enabled by default to protect IE. So, perhaps the attackers haven’t been reaching the attack surface they had originally hoped and are starting to move on.”
The following charts shows the number of XP and Windows 2003 systems reporting attack attempts versus Vista and Windows 7:
Microsoft’s now addressing this issue in Dec. 14 security release.