But don’t.  Please don’t!…      just….       don’t!…

Instead, why don’t you apply the out-of-band patch ( MS10-002 ) that Microsoft has just released…?!!!

Patching remote-code-execution vulnerabilities is usually “a good idea” to say the least.  But, considering that:

Microsoft rushed to get this patch out…… ( Thank you Microsoft! )

And that, this patch addresses several Internet Explorer vulnerabilities – of which includes CVE-2010-0249 – the infamous “Aurora attacks” related vulnerability that’s well known to be making the rounds in the wild.

Annnnd that, the Metasploit framework has released an update that can generate attacks based on this….. Which means that every script-kiddy / pentester / disgruntled-monkey-with-a-laptop can mount their own little mini operation Aurora-like attacks.

Annnnnnd that, Microsoft has posted an advisory about an unpatched elevation of privilege attack that affects most Windows NT platforms ( from Windows NT 3.1 to, and including, Windows 7 ) – which there is proof-of-concept code now publicly available for…..

Just Update your windows using Microsoft Update!