Public reports on the Internet describe a serious remote code execution vulnerability in Microsoft Internet Explorer. The vulnerability affects only Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected. At the time of writing, Microsoft is aware of this vulnerability in Internet Explorer 8 only.
Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2 run Internet Explorer in a restricted mode known as Enhanced Security Configuration, which mitigates this vulnerability. For more information, refer to Microsoft Security Advisory 2794220.
The threat to Internet Explorer users is very real, so here are some simple options to consider:
- Upgrade to Internet Explorer 9 – this would be the straightforward option
- Set the Internet Explorer security settings for the Internet and Intranet zones to HIGH – this will block the exploit from running
- Alternatively you could look to use another browser such as Google Chrome or Mozilla Firefox which are not affected by this exploit
- Use Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) – this is not for novices
- Consider using a web browser script blocker – see bootnote
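One way to check that the HIGH setting from the list above is actually in effect for the current user, as an added example that is not part of the original post. It assumes the standard per-user Internet Settings registry layout (zone 1 = Local intranet, zone 3 = Internet, CurrentLevel 0x12000 = High, actions 1400 and 1200 for Active scripting and ActiveX controls); `Get-IEZoneAudit` is a hypothetical helper name, and settings enforced through Group Policy are not read.

```powershell
# Added example: read-only audit of the current user's IE security zones.
# Assumptions (standard Internet Settings layout, not taken from the post):
#   zone 1 = Local intranet, zone 3 = Internet
#   CurrentLevel 0x12000 = High (0 means a custom level was chosen)
#   action 1400 = Active scripting, 1200 = Run ActiveX controls and plug-ins
#   action value 3 = Disable
# Limitation: only HKCU is read; Group Policy can override these values.
$ZonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$High     = 0x12000
$Disabled = 3
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }

function Get-IEZoneAudit {
    foreach ($id in ($Zones.Keys | Sort-Object)) {
        $props = Get-ItemProperty -Path (Join-Path $ZonesKey $id) -ErrorAction SilentlyContinue

        # A missing key or value is reported as "not set" rather than guessed.
        $level     = if ($props) { $props.CurrentLevel } else { $null }
        $scripting = if ($props) { $props.'1400' } else { $null }
        $activeX   = if ($props) { $props.'1200' } else { $null }

        # The slider can read High while individual actions were re-enabled,
        # so the level and the two script-related actions are all checked.
        $isHigh = ($level -eq $High) -and
                  ($scripting -eq $Disabled) -and
                  ($activeX -eq $Disabled)

        $levelText = if ($level -ne $null) { '0x{0:X}' -f $level } else { 'not set' }

        New-Object PSObject -Property @{
            Zone            = $Zones[$id]
            CurrentLevel    = $levelText
            ActiveScripting = $scripting
            RunActiveX      = $activeX
            EffectiveHigh   = $isHigh
        } | Select-Object Zone, CurrentLevel, ActiveScripting, RunActiveX, EffectiveHigh
    }
}

# Print one row per zone; EffectiveHigh = False means the mitigation is not in place.
Get-IEZoneAudit | Format-Table -AutoSize
```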
Microsoft is also working on a one-click Fix it tool called a ‘shim’ which will block the vulnerable code paths. We will update our readers when this is released into the public domain.
UPDATE: Jan 1st 2013 – Microsoft released the Fix it tool.
Bootnote: Do you want to manage and control what websites collect from your computer? If so, I suggest you read further on how to block browser scripts from running, as using these script blockers would stop this exploit from being installed or run.
Safe surfing folks!