Microsoft New security Advisory: Threats around Internet Explorer 6, 7, and 8 and Opportunity on 9 and 10.


It is henceforth official; Microsoft has decided to release Security Advisory 2794220 regarding an issue that impacts Internet Explorer 6, 7, and 8.
‘’We are only aware of a very small number of targeted attacks at this time.’’ Has mentioned the MSRC Team.
In fact this issue allows remote code execution if for example, users browse to a malicious website or click a link in an email or instant message.  
Pending the release of a security update to address this issue,
Microsoft encourages its customers using affected versions of Internet Explorer to deploy the following workarounds and mitigations:
  • Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
    this will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
    This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
  • Deploy the Enhanced Mitigation Experience Toolkit (EMET)
    This will help prevent exploitation by providing mitigations to protect against this issue and should not affect usability of websites. An easy guide for EMET installation and configuration is available in KB2458544’’.
In addition to  upgrade Internet Explorer 6, 7, and 8.

Popular Posts