Microsoft Security Advisory (917077)
Microsoft has just released a Security Advisory for the HTML Objects vulnerability. This is the reason the Internet Storm Center went to yellow this evening.
From the Microsoft advisory:
"Microsoft has confirmed new public reports of a vulnerability in Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. We have seen examples of proof of concept code but we are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time."
Microsoft Suggested Workarounds:
* Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zones.
* Set Internet and Local intranet security zone settings to "high" to prompt before Active Scripting in these zones.
http://www.microsoft.com/technet/security/advisory/917077.mspx
Microsoft says that they are still investigating and will provide more information as it becomes available. So stay tuned for further updates.
From the Microsoft advisory:
"Microsoft has confirmed new public reports of a vulnerability in Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. We have seen examples of proof of concept code but we are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time."
Microsoft Suggested Workarounds:
* Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zones.
* Set Internet and Local intranet security zone settings to "high" to prompt before Active Scripting in these zones.
http://www.microsoft.com/technet/security/advisory/917077.mspx
Microsoft says that they are still investigating and will provide more information as it becomes available. So stay tuned for further updates.
Keywords:
0 comment(s)
×
Diary Archives
Comments