Microsoft warns of IE zero day vulnerablity

Discussion in 'Windows Vista Help and Support' started by kemical, Nov 24, 2009.

  1. kemical

    kemical Windows Forum Admin
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    Aug 28, 2007
    Messages:
    31,797
    Likes Received:
    1,563
    Microsoft warns of IE zero day vulnerablity [​IMG] [​IMG] Written by Nick Farrell Tuesday, 24 November 2009 10:04
    [​IMG]

    Workarounds for now

    Software giant Microsoft has issued a security advisory that provides customers with guidance and workarounds for dealing with a zero-day exploit aimed at Internet Explorer. Over the weekend someone published the exploit code to the Bugtraq mailing list and while no active exploits of the vulnerability have been reported so far, it appears Microsoft is taking no chances.

    Microsoft released Security Advisory 977981, which includes workarounds for an issue that exposes a flaw in Cascading Style Sheets that could allow for remote code execution. Vulnerabilities that allow remote-code execution generally result in patches rated as critical by Microsoft. The vulnerability affects IE 6 on Windows 2000 Service Pack 4, and IE 6 and IE 7 on supported editions of XP, Vista, Windows Server 2003 and Windows Server 2008.

    The work around involves configures the browser to run in Protected Mode to limit the impact of the vulnerability. It also recommended setting the Internet zone security setting to "High" to protect against the exploit. The "High" setting will disable JavaScript, which currently is the only confirmed attack mode.Microsoft said IE 5.01 Service Pack 4 and IE 8 on all supported versions of Windows are not affected.

    For an attack to work, the hacker would first have to get his victim to visit a Web site that hosted the exploit code. This could be a malicious Web site set up by the hacker himself or it could be a site that allows users to upload content.

    Fudzilla - Microsoft warns of IE zero day vulnerablity
     
    Mike and (deleted member) like this.

Share This Page

Loading...