• Microsoft Internet Explorer under "Zero Day" Attack

    CERAiT specializes in providing information technology (IT) related services to the biz community.

    Microsoft Security Advisory(961051) - "Zero Day" Attack

    Dec 15, 2008

    Accordingto Microsoft security advisory article [1], published on Dec 10 and updated on Dec 15, a serious vulnerability has been disovered with Microsft Explorer, which is the default browser for majority of Internet users. This flaw that could let hackers gain access to vulnerable computers and steal personal data, so Microsoft told them to swap to a rival browser.[2]

    Hackers are exploiting this newly discovered vulnerability and attacks are reported against Windows Internet Explorer (IE) 7 accross diferent MS platforms. Microsoft IE 5.01, IE 6 and Windows IE 8 Beta 2 on all supported versions of Microsoft Windows are also potentially vulnerable .

    It is known as a "zero-day" vulnerability because, it has been there since the product was launched - day zero - and not even its developer had spotted it. For that reason, current exploiting of the flaw is known as a "zero-day" attack."

    Microsoft security advisory [1] states that that Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Also, as a mitigation for this flaw they noted the following:

    • Protected Mode in Internet Explorer 7 and Internet Explorer 8 Beta 2 in Windows Vista limits the impact of the vulnerability.
    • By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
    • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

    Currently known attacks cannot exploit this issue automatically through e-mail.

     

    What should Internet Explorer users do?

    According to Guardian article[2]:

    • Change the program's internet zone security setting to "high". It is, however, likely to slow down a user's web experience.

    • Log out of your computer and create a new user account which has limited rights to change the PC's settings. Log in as that user. This should reduce the chances of anyone being able to exploit the flaw should your computer become infected.

    • Keep antivirus software up to date. This is likely to have only limited effect as most antivirus software packages only investigate files that are downloaded from the internet, rather than looking at every page visited.

    • Switch to another browser, preferably Firefox. This is by far the best option.

     

    [1] Microsoft website

    [2] Guardian article

    For more info about our services please contact us.
    Initial consultation is free and with no obligation to you.


    web design   marketing   products   services   support   portfolio  
    about us   contact us   resources  

    © 1999-2008 Copyright CERAiT. Cera Consulting.
    eCommerce... web design... it consulting... custom software solutions...
    GTA. Toronto. Ontario. Canada
    All rights reserved. Terms of Use.