Another Internet Explorer security problem
No sooner had Microsoft issued a raft of security updates when an unpatched problem for Internet Explorer was found. Computerworld reports:
Microsoft today said it’s investigating reports of a new unpatched vulnerability in Internet Explorer (IE) that did not get patched in yesterday’s massive update.
Other researchers, meanwhile, said that the timing of the attacks, which have already started, was not coincidental.
The report continues:
Symantec Corp. echoed Microsoft today, confirming that the flaw was not fixed by Tuesday’s record-setting update, which included four patches, all judged “critical,” for IE.
“The attack works successfully against a fully patched Windows XP SP3 with Internet Explorer 7, including all recent Microsoft Tuesday patches,” said Symantec researcher Elia Florio in an entry to the company’s vulnerability blog.
As is so often the case with malware, disabling JavaScript in IE will help protect against this exploit. Or you could use Firefox. According to Symantec, enabling Data Execution Prevention (DEP) will also help. I discuss using DEP on my Computer Education site.
Added later: Microsoft has issued a security advisory that says, ” Protected Mode in Internet Explorer 7 in Windows Vista limits the impact of the vulnerability.”
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.