IE 0 Day Exploit

12/12/2008 19:27

Microsoft reported a new "zero-day exploit" that affects most versions of the Internet Explorer browser. A zero-day exploit is a security vulnerability that is being exploited before the software vendor or public know that the issue exists. This particular exploit attacks flaws within Internet Explorer that can cause it to “exit unexpectedly, in a state that is exploitable”- in English: the attacker can take control of the computer.

Microsoft has documented security breaches with Internet Explorer 7, and has confirmed that the security vulnerability is present in Internet Explorer version 5 and higher. Microsoft is working on patch to resolve this issue, but it has not yet been released.

This exploit is dependent upon a user browsing to infected websites with Internet Explorer and cannot be triggered through email, instant messaging or other web browsers.

Until a patch is released and installed on your computers, this threat can be mitigated by taking the following steps:

  • Set your Internet Explorer security setting to “High” for the Internet zone. The following steps describe how to configure this:
    1. On the Internet Explorer Tools menu, click Internet Options.
    2. In the Internet Options dialog box, click the Security tab, and then click the "Internet" icon.
    3. Under Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High. (Note: If no slider is visible, click Default Level, and then move the slider to High.)

NOTE: This may limit the features of some websites. If these sites are required for your business, exceptions can be made for them if you contact your IT provider

 

  • Use a browser besides Internet Explorer. Other browsers such as Mozilla’s Firefox and Google’s Chrome do not currently have this security vulnerability.

 

  • Limit browsing to sites required for work.

 

Once released, the patch for this security vulnerability should be distributed through your standard patching process.

Further information:

Microsoft Security Advisory

http://www.microsoft.com/technet/security/advisory/961051.mspx

In the news:

http://www.eweek.com/c/a/Security/UPDATED-Microsoft-Issues-Advice-on-Internet-Explorer-ZeroDay Attacks/

http://isc.sans.org/

Alternate Browsers (may require administrative provides to install)

http://www.mozilla.com/en-US/firefox/

http://www.google.com/chrome

http://www.opera.com/

Topic: IE 0 Day Exploit

No comments found.

New comment