Microsoft also recommended that organizations set Internet and Local intranet security zone settings to High to block ActiveX Controls and Active Scripting in these zones. Doing so, the company cautioned, potentially has undesirable side effects that may cause some sites to work incorrectly.
Another potential remediation is to remove Java, according to security experts including Metasploit founder HD Moore and Marc Maiffret, CTO at BeyondTrust. The exploit relies on the presence of Java to execute -- at least on IE8 and IE9 on Windows Vista and Windows 7, Moore told Krebs. Unfortunately, the exploit works just fine without Java on systems running IE7 atop XP or Vista, as well as IE8 on XP.