News

Microsoft Talks Up Countermeasures to Fend Off IE Attacks

Microsoft warned users of Internet Explorer 7 (IE7) late Wednesday that attackers are actively exploiting a critical bug in the browser, and urged them to take countermeasures in lieu of a patch.

By Gregg Keizer, Computerworld (US)

"The information posted in Microsoft's security advisory is what the company knows to be true at this time, [but] Microsoft continues to investigate this vulnerability," a company spokesman replied in an e-mail when asked whether Microsoft had found a similar bug in IE6. "If Microsoft can confirm new information based on its ongoing investigation, it will update the security advisory as necessary."

Mary Landesman, a senior security researcher at ScanSafe Inc., a San Francisco-based security company, noted that if IE6 does turn out to be vulnerable to attack, users can protect themselves by switching on DEP in the operating system.

Because IE6 lacks a DEP setting, users running Windows XP, both Service Pack 2 (SP2) and SP3, must turn it on in the operating system instead. To do so, right-click "My Computer," select "Properties" from the ensuing menu, then click the "Advanced" tab. Under the "Performance" section, click the "Settings" button, then the "Data Execution Prevention" tab. Select the "Turn on DEP for all programs and services except those I select:" and click OK.

IE8, which is in Beta 2 at the moment, enables DEP by default.

Also today, researchers at iDefense, a security intelligence firm owned by VeriSign Inc. , said that the first exploit made public -- which targets Windows XP and Server 2003 systems -- was mistakenly released by Chinese security analysts.

• Email
• Print
• Comments
• Digg This
• SlashDot