Discussion in 'other security issues & news' started by HURST, Dec 15, 2008.
Microsoft has elaborated on the various work-around measures for this exploit until a patch is released:
Clarification on the various workarounds from the recent IE advisory
From the computerworld article you cited (thanks!),
This explains why using IE6, the exploit would not run on sites that I looked at. The code checks for the versions of IE and the Operating system.
Note, however, that the IE7 exploit has been seen packaged with other exploits that affect IE6, so that an unpatched IE6 would be vulnerable should one encounter a compromised website.
One of Microsoft's recommendations is to Enable DEP (data execution prevention). Another consideration, because the payload is a trojan executable file,
those with Software Restriction Policies enabled will prevent the trojan from running.
0-day exploit for Internet Explorer in the wild
IE7 0day expanded to include IE6 and IE8(beta)
Waiting for Patch Tuesday? ..
Another very good reason to ditch IE and go with Firefox or Opera.
They're all the same... they all have vulnerabilities that keep surfacing, then they patch 'em and life goes on...
Separate names with a comma.