Microsoft warns of new IE zero-day attacks

M

malexous

New member
Guru
VIP
Local time
12:30 AM
Messages
622
Location
Ireland
Microsoft has raised an alarm for a new round of targeted malware attacks against a zero-day vulnerability in its dominant Internet Explorer browser. The vulnerability affects all supported versions of Internet Explorer and can be exploited to launch remote code execution (drive by download) attacks, Microsoft said in an advisory.
...
MITIGATIONS:
In the absence of a patch, Microsoft recommends that IE users:

  • Override the Web site CSS style with a user defined CSS
  • Deploy the Enhanced Mitigation Experience Toolkit
  • Enable Data Execution Prevention (DEP) for Internet Explorer 7
  • Read e-mails in plain text
  • Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
Instructions for deploying these mitigations are available in Microsoft Security Advisory (2458511).
Click to expand...
Microsoft warns of new IE zero-day attacks | ZDNet
 

My Computer My Computer

At a glance

Arch Linux 64-bit
OS
Arch Linux 64-bit
They ought to just tell people to install firefox immediately after installing windows.. It has none of IE's ActiveX vulnerabilities. Cross-site scripting attacks don't work against firefox until flash and java are installed, and can be blocked permanently with noscript about 20 seconds after the first time FF connects to the internet
 
You must log in or register to reply here.

Similar threads

'State-sponsored attackers' using IE zero-day to hijack GMail accounts
Replies
14
Views
3K
Night Hawk
Night Hawk
IE zero-day bug leads to squabble between Microsoft, researcher
Replies
0
Views
2K
JMH
JMH
More on the IE zero day.
Replies
2
Views
2K
richc46
richc46
Back
Top