Microsoft tells users how to prevent IE zero day attacks
TO COMBAT a recent zero-day flaw in Internet Explorer, Microsoft has decided to release a security advisory to protect its vulnerable users.
News of the flaw surfaced a couple of days ago, when it was originally assumed the problem was being caused by XML processing. Reports also indicated the flaw was unique to IE 7, something which Microsoft has since updated to included IE6 and IE 5.01.
In fact, rather than the problem simply affecting the XML parsing engine of IE 7, it's more directly linked to data binding and the library MSHTML.DLL. And it affects IE on several Windows platforms, including Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Windows Vista, Windows Vista SP1 and Windows Server 2008.
The Vole is still furrowing its furry brow about trying to get to the bottom of the issue, but has, in the meanwhile, drawn up some tips for users to try and avoid getting attacked while they wait for a patch.
The Redmond Giant has recommended all IE users have a fumble with their Internet and local intranet security settings, ensuring that they are set to 'High' so that IE will prompt before running any ActiveX controls or active scripting.
Additionally, Microsoft is recommending that active scripting be disabled altogether in the Internet and local intranet security zone and that DEP (Data Execution Prevention) should be enabled.
But Internet security blog, Secunia, having tested the flaw thoroughly, reckons that setting the security level to 'High' for the Internet security zone or disabling Active Scripting won't necessarily ensure complete protection, claiming that it is still possible to trigger the vulnerability, despite making that harder for attackers to do.
Now, far be it from us to try and improve on Microsoft's advice, but shurely, if the preventative measures recommended by Microsoft aren't going to protect users 100 per cent anyway, and are a hassle, why not just switch to Firefox to avoid these Volish vulnerabilities altogether and be done with it? µ
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
For English, Look OUTDOORS At Moon Right Now, Its 1/3 Brighter than Most Full Moons in Late Afternoon today. Bigger to, AS Moon is Closer. All this can be read about in Drudge Report today.
it appear 14 per cent bigger and some 30 per cent brighter than most full moons this year Plus if you use Toilet Paper roll, its even bigger & much brighter.
Comets are yearly thing, todays called Gemini comets, as appear near constellation Gemini, of course actually rubbish in earths orbit Way, will be streaking thru sky ALL Night too. At Midnight Lunar event will be straight Up in Sky. Read Article & Look To Horizon, it will be 2016 until such event happens again. Sniff for Cheese & Prepare to Ask Old Man Question. Like wheres Ms. Moon? This May Be Due to IE 8 Beta, yet its more Astronomicaly unique event. STeWie Drashek
I know how to prevent them already.... QUIT USING IE!!!!!!
Buy a MAC
Well, probably because it's virtually impossible to not be running some part of Internet Explorer, at some level, if you are using any aspect of the Windowing system of Windows. Firefox is just a borwser, but IE is built into the very Chrome of the desktop. It is quite possible that these vulnerabilities run right through into aspects such as local file browsing and viewing, and may even be inherited by child windows, belonging to applications unrelated to Web browsing in any way, such as Office apps and so on. Hardwiring the browser into the windowing system is not widely held to have been the wisest of moves, around Redmond circles, these days (although it won't have stopped the geniuses who thought of it, from getting their share of feeding at the annual SPSA trough!)
No. The better advice would be to find some way of booting to a DOS prompt and using wget, to be honest :).
You can always switch over to Ubuntu or other Linux distro. Firefox is the browser and IE isnt integrated into anything. Pretty simple to switch over and use for the everyday webbrowsing world.
Yes, I am serious, and please don't call me Shirley, Shurely, or Surely.
drashek youve been takin those damned meds again grrrrrrrrr, your making sense, ffs stop it, i told you before, it un-nerves me O_o
by the way in the uk we need more like a radio telescope rather than a bog roll tube to see anything above a few hundred feet, weathers absolutely carp :O)
Getting rid of IE is not the answer. I agree it would be prudent to use another browser until the vulnerability is dealt with. I disagree with the last post for being so self promoting and not fair/balanced. As for me, I will use another browser until the zero attacks go away. Then I'll be back to my favorite browser. You know, it's one thing to have a preference. It's another to hate healthy competition.
the INQ should hire drashek tbh. that would make nick farells articles look like shakespeare. drashek would probably have more intresting news though :P
Someone should tell drashek the difference between comets and the annual meteor showers. A comet is the last thing I want falling on Eath annually, remember what Temple-Tuttle did to Jupiter?
Seriously though, regular visits to Windows update is better than sticking one's head in the sand expecting nothing happening to you. Having an up to date mal-ware suite protects even more.
Imagine if Apple's OSX or Linux had the market share for Operating System, do you possibly think that those users would escape the attention of virus writers?... I thought not
"Why not just switch to Firefox to avoid these Volish vulnerabilities altogether and be done with it?"
Tell that to the people who are currently having all their money stolen by that recent firefox vulnerability which poses as seamonkey. Nobody is safe.
Author is obviously nothing but a brain dead Firefox fanboy. I'll use IE6 all day, everyday, if I so desire, and NOT worry about a thing.
It's looking increasingly as if Microsoft is unable to keep its software even moderately secure for two days in a row.
Of course you don't have to use Firefox - there's also Opera. (And if you have moved to Linux, you can feel a lot safer all round).
As for the IE fans who say things like "I'll use IE6 all day, everyday, if I so desire, and NOT worry about a thing" - well,they have every right to do so.
And good luck with that.
To complete the comments: There's also lynx.
Opera Software, IMHO
well spose ill be classed as an opera fanboy, but to my cost on numerous occasions i usually support the 'underdog' (apart from linux, whatever flavour, too much like hard work and i game) do ya self a favour folks, just try opera 10 alpha, yes alpha !!! its awesome, auto update too, no security issues as yet, fireferrets full of um :O)
i jest you not opera 10 is eyebleedingly fast too :O)
It just never stops, does it? I gave up on Windows 2 years ago, I'm now running a mix of Ubuntu, Mandriva, and Mac OSX. Every time I see this sort of thing, I just shake my head and carry on.
I do know some people who love Internet Exploder. They remind me of battered wives who won't leave their abusive husbands. I pity them.
It appears as though the the gent making the battered wife comment can be likened to a woman who is not satisfied being faithful to one man.
The word "prostitute" comes to mind.
LOL,
Don of Tamarac
Greedy, greedy, greedy...
Do you want your web browser to move images, play movies, whistle and at the same time do better than your multimedia presentation family room does? Pay the piper, ooops, the price to be vulnerable to all kind of crap.
Old BBS text video, 24x80, presenting text files, can't hurt you at all.
What you want from browsing internet? information? read your emails? read CNN and other information websites? plain TXT can give you the same information. As a matter of fact, all magazines and newspapers do exactly that.
Should you allow Activex run freely into your web-browser? or not?
Greedy? pay the piper.