Blue Coat WebFilter systems have been updated to capture 100% of the known sites exploiting this vulnerability. Real-time detection mechanisms have also been added to WebPulse to automatically recognize and categorize newly-infected sites. A ProxySG policy to block sites categorized by WebFilter as “Spyware/Malware Sources” will protect WebFilter customers against this exploit.
The research staff at the Blue Coat Security Lab has been actively monitoring this exploit and making the necessary adjustments and updates to the WebFilter database and WebPulse infrastructure to protect Blue Coat customers. Multiple lists of infected sites with drive-by scripts to exploit this vulnerability in IE were published last week; however, Blue Coat's proactive research and monitoring of exploit trends via the WebPulse cloud community resulted in a large majority of these sites being categorized by Blue Coat as “Spyware/Malware Sources” before this exploit was even announced by Microsoft or publicized by the media.
July 14, 2009: Microsoft issued an update and public report to address this issue (including an available security update).
Thanks for your feedback. Let us know if you have additional comments below. (requires login)