Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft's workaround for zero-day IE vulnerability may not be effective

Ted Samson | Sept. 20, 2012
Microsoft is pushing its Enhanced Mitigation Experience Toolkit to protect systems, but companies may want to temporarily switch browsers or disable Java

Microsoft also recommended that organizations set Internet and Local intranet security zone settings to High to block ActiveX Controls and Active Scripting in these zones. Doing so, the company cautioned, potentially has undesirable side effects that may cause some sites to work incorrectly.

Another potential remediation is to remove Java, according to security experts including Metasploit founder HD Moore and Marc Maiffret, CTO at BeyondTrust. The exploit relies on the presence of Java to execute -- at least on IE8 and IE9 on Windows Vista and Windows 7, Moore told Krebs. Unfortunately, the exploit works just fine without Java on systems running IE7 atop XP or Vista, as well as IE8 on XP.&


Previous Page  1  2 

Sign up for Computerworld eNewsletters.