Security Advisory On Zero-Day Exploit - Microsoft

Microsoft released a security advisory on Monday night with guidance and workarounds for the zero-day exploit aimed at Internet Explorer. The vulnerability was posted to the Bugtraq security mailing list on Friday, and according to the report the attack code affects both Internet Explorer 6 and the newer IE7.

Microsoft has confirmed that the exploit code published last week can compromise PCs running older versions of Internet Explorer. The advisory confirmed that the vulnerability affects IE 6 on Windows 2000 Service Pack 4, and IE 6 and IE 7 on supported editions of XP, Vista, Windows Server 2003 and Windows Server 2008.

However, users running Internet Explorer 7 on Vista can configure the browser to run in Protected Mode to limit the impact of the vulnerability. Setting the Internet zone security level to 'High' is also recommended to protect against the exploit. The 'High' setting disables JavaScript, which is currently the only confirmed attack mode.

Microsoft officially stated that IE 5.01 Service Pack 4 and IE 8 on all supported versions of Windows are not affected. However, it declined to state whether the patch for the flaw will come bundled with its security updates set for December 8.