Zero Day Vulnarability for Internet Explorer
Over the years most of you have been inundated with buzz words like virus, spyware, worm, trojan, rootkit and over the last year Zero Day has been popular. The zero-day term refers to an attack or virus which is previously unknown so no patch or virus defination is available to catch it on day zero. It won’t be caught by your antivirus scanner because they don’t know about it yet.
A Zero Day “Vulnerability” is the worst. This attack uses a flaw in a program such as the browser that allows code to execute with no warning to a user. You don’t have to be tricked into downloading anything. All you need to do is to visit a web site or in some cases just be connected to the internet. The only protection will be programs like WinPatrol that monitor for changes to your system.
This week Microsoft has released an advisory to protect users until a patch is available. Click “Vulnerability in Internet Explorer Could Allow Remote Code Execution”. Microsoft advises some pretty serious work arounds including.
- Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
- Disable XML Island functionality
- Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL
- Disable Row Position functionality of OLEDB32.dll
- Unregister OLEDB32.DLL
- Use ACL to disable OLEDB32.DLL
- Enable DEP for Internet Explorer 7 on Windows Vista and on Windows Server 2008
- Disable Data Binding support in Internet Explorer 8 Beta 2
These are pretty drastic actions but this threat should be taken seriously. Most experts are recommending folks stop using Internet Explorer completely until Microsoft has a patch available. I’m among those experts who also recommends finding a new browser for a while. Personally, I’ve become a fan of Google Chrome which is now out of beta and has an official version 1.
Alternate Browsers in order of my preference:
Update: Microsoft has released an emergency patch to fix this serious vulnerability. http://www.microsoft.com/technet/security/bulletin/ms08-078.mspxDownload Apple Safari (You may have already be tricked into installing this along with iTunes)
Labels: IE, Vulnerability, Zero Day
6 Comments:
I am very surprised that you would recommend that your readers should use Netscape Navigator. Developement and support for this browser ended on March 1st, 2008 http://browser.netscape.com/history . I don't understand why you would prefer this old browser over Firefox, which is based on Netscape's old engine.
Also it is generally known that Google brought Chrome out of beta only so some computer manufacturers would include it on their machines. http://www.downloadsquad.com/2008/12/11/google-chrome-hits-1-0/
Brian,
Thank you for the correction. I did not mean to include Netscape as you suspect. I have corrected my list and replaced my recommendation with Firefox.
If you Email me your name and shipping address I'll send you a free WinPatrol wrist band to say thanks.
Thanks!
Bill
Hi Bill, being a major fan of yours for information relating to such things as this IE vulnerability. That I heard about only yesterday, even though I had been semi-aware that 'something' seemed to have been brewing over it for a while now. So had been regularly checking your blog to see if you had any input, which I am glad to see you have taken it up now.
Like you (as I can understand), I have an IBM Thinkpad, which has been causing me some anxiety for about a fortnight now. In that it has been 'hanging' on me on a regular basis when trying to use after being left idle for extended periods. With the affect that 'nothing' (including Task Manager or Off Button press) seemed to help. The only way to off has been to undock and remove the battery, then restart (until the next time). Then to cause me to feel even less comfortable, about a week ago I had a program that I had recently purchased by download, produce a very extensive 'bug' report including zip file which seemed to include heaps of data about my machine and its connections etc etc. Which it was automating to my email and requesting me to send. Which I didn't do (intentionally at least).
Amongst the many things that I tried to resolve the 'hanging' issue, I had been on to IBM/Lenovo support, who seemed not to be able to help. And I have explored many other options pursued through Internet lookups to the point where I have not suffered the same problem now for about the last 48 hours. Plus with the latest IE vulnerability info, I have turned DEP on in my system pending issue of the 'fix' to be issued sometime today I understand.
However, my concern comes with the problems I have been suffering over the past 10 days to fortnight as outlined above and with the release of recent information about this latest vulnerability. I have scoured the Internet for details of how this vulnerability or more particularly if it is possible or likely that my system has been (or hopefully not been) affected/compromised by a hack using this black hole in IE.
Are you able to throw any light on it for me? either on your blog or privately direct.
Best regards, Kevin
Hi Bill, thanks for the great advice.
I've heard that some folks don't like the embedded Google ID in Chrome. How do you feel about it?
For those who like tin hats, there is a version of Chromium that has no Google identifiers in it.
http://www.downloadsquad.com/2008/09/24/iron-chrome-for-privacy-fanatics/
I am using the portable version of it now and it rocks.
Best wishes,
Clif
http://freewarewiki.com
Thank you so much for your wonderful programs WinPatrol and Lady the Task Catcher. I feel so safe with them guarding my computer.
I have the patch, but have decided to try Google Chrome for a bit, just to be extra safe.
You're the best!
Toni
Hello Bill
Just wanted to let you know that the WinPatrol wrist band you sent me, arrived today. I am very happy with it.
Thank-you and Happy New Year
Brian
Post a Comment
<< Home