• all categories
• cpu
• chassis
• consumer electronics
• enterprise
• graphics
• mainboards
• network
• notebooks
• storage
• systems
• memory
• events

A vulnerability in Internet Explorer could allow remote code execution, said Microsoft in a security advisory published last week.

The yet-to-be-patched security flaw allows web sites to run malicious code that could activate small applications designed to steal a user's passwords and confidential data. Last week, the security advisory (#961051) appeared amid a usual long list of similar security flaws. With very few users batting an eyebrow, few questions were asked as - to Microsoft's credit - many have to come to expect these regular flaws to be swiftly resolved.

However, Microsoft's original advisory stated that the attacks were only occurring on version 7 of its Internet Explorer browser. The following day, it revised the advisory to warn that various versions of Internet Explorer on multiple Windows operating systems are at risk.

A week later and the flaw appears to have gathered widespread interest from the hacking community. Trend Micro, an anti-virus specialist, now suggests that some 10,000 websites have been manipulated into exploiting the flaw - putting Internet Explorer's millions of users at risk.

In response, Microsoft has made available a set of user workarounds that it believes will help protect against the flaw until an official solution is made available. The Microsoft-tested workarounds are listed below and further details on each suggestion are available as part of a Microsoft TechNet blog post:

• Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
• Disable XML Island functionality
• Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL
• Disable Row Position functionality of OLEDB32.dll
• Unregister OLEDB32.DLL
• Use ACL to disable OLEDB32.DLL
• Enable DEP for Internet Explorer 7 on Windows Vista and on Windows Server 2008
• Disable Data Binding support in Internet Explorer 8 Beta 2

As a result of the rapidly-growing impact of the flaw, Microsoft has stated that it may issue an out-of-cycle security update to help protect its customers. Security experts, meanwhile, are urging users of the world's most popular browser to seek out an alternative until the flaw is resolved.

Source: Microsoft TechNet

HEXUS related reading

Copyright © 1998 - 2010, HEXUS.net. All rights reserved. Terms, conditions and privacy information.
HEXUS® is a registered trademark of HEXUS Limited.