New
#1
Microsoft warns of new IE zero-day attacks
Microsoft warns of new IE zero-day attacks | ZDNetMicrosoft has raised an alarm for a new round of targeted malware attacks against a zero-day vulnerability in its dominant Internet Explorer browser. The vulnerability affects all supported versions of Internet Explorer and can be exploited to launch remote code execution (drive by download) attacks, Microsoft said in an advisory.
...
MITIGATIONS:
In the absence of a patch, Microsoft recommends that IE users:
- Override the Web site CSS style with a user defined CSS
- Deploy the Enhanced Mitigation Experience Toolkit
- Enable Data Execution Prevention (DEP) for Internet Explorer 7
- Read e-mails in plain text
- Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
Instructions for deploying these mitigations are available in Microsoft Security Advisory (2458511).