Microsoft sees 'huge increase' in IE attacks

Discussion in 'other security issues & news' started by HURST, Dec 15, 2008.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member
  2. Rmus

    Rmus Exploit Analyst

    Microsoft has elaborated on the various work-around measures for this exploit until a patch is released:

    Clarification on the various workarounds from the recent IE advisory

    From the computerworld article you cited (thanks!),

    This explains why using IE6, the exploit would not run on sites that I looked at. The code checks for the versions of IE and the Operating system.

    Note, however, that the IE7 exploit has been seen packaged with other exploits that affect IE6, so that an unpatched IE6 would be vulnerable should one encounter a compromised website.

    One of Microsoft's recommendations is to Enable DEP (data execution prevention). Another consideration, because the payload is a trojan executable file,

    those with Software Restriction Policies enabled will prevent the trojan from running.


    0-day exploit for Internet Explorer in the wild

    IE7 0day expanded to include IE6 and IE8(beta)

  3. Pedro

    Pedro Registered Member

    Waiting for Patch Tuesday? ..
  4. ghodgson

    ghodgson Registered Member

    Another very good reason to ditch IE and go with Firefox or Opera.
  5. Kerodo

    Kerodo Registered Member

    They're all the same... they all have vulnerabilities that keep surfacing, then they patch 'em and life goes on...
Thread Status:
Not open for further replies.