ritchie58

Microsoft Warns Of Script Injection Attacks In Internet Explorer


Microsoft is warning Windows users of a new "critical" vulnerability that affects all versions of the company's Windows operating system.

 

The issue, detailed in Security Advisory 2501696--which was released last week--details a vulnerability in the way Internet Explorer handles MHTML on certain types of Web pages and document objects. As a result, hackers and other third parties that exploit the vulnerability can gain access to a user's information, or their computer through script injection.

 

In its advisory, Microsoft said it had "not seen any indications of active exploitation of the vulnerability," but that the company was aware of "proof-of-concept code" that attempts to exploit it.

 

To keep the vulnerability at bay, Microsoft has issued suggestions for users to lock down Active Scripting, and ActiveX controls in Internet Explorer, as well as MHTML. Microsoft also said it was working with service providers to investigate server-side workarounds to the issue, as well as including any fixes in future software security updates.

 

Originally posted at Microsoft


Microsoft is recommending that users set their security setting for the internet to high to help protect against this vulnerability:

You can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.

 

To raise the browsing security level in Internet Explorer, follow these steps:

 

1. On the Internet Explorer Tools menu, click Internet Options.

2. In the Internet Options dialog box, click the Security tab, and then click the Internet icon.

3. Under Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.

For the more tech minded individuals there is a current workaround by injecting your own code using Registry Editor. More information on this can be found at the Security Advisory 2501696 link in the last thread.

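To check whether the High setting described in the steps above actually took effect, the following read-only PowerShell audit reports the Internet zone's security level and its ActiveX and Active Scripting settings. It is an added example, not part of the original posts or of Microsoft's advisory. The registry locations (zone 3 under the per-user and machine policy keys), the action IDs 1200 and 1400, the CurrentLevel value 0x12000 and the function name `Get-InternetZoneAudit` are assumptions based on Internet Explorer's standard zone settings and do not appear on this page.

```powershell
# Added example: read-only audit of the Internet zone (zone 3). Makes no changes.
# Assumed locations: the per-user zone key and the machine policy zone key.
$zoneKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)
# URL action IDs, kept as strings so they are used as keys and not as indexes.
$actions = [ordered]@{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
}
$states = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$highTemplate = 0x12000   # CurrentLevel value when the slider is set to High

function Get-InternetZoneAudit {
    param([string[]]$Path = $zoneKeys)
    foreach ($key in $Path) {
        # A missing key (for example, no policy configured) is skipped, not an error.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key

        $level = $props.CurrentLevel
        $levelState = 'Not High'
        if ($null -eq $level) { $levelState = 'Not set in this key' }
        elseif ($level -eq $highTemplate) { $levelState = 'High' }
        [pscustomobject]@{
            Key = $key; Setting = 'Security level (CurrentLevel)'
            Value = $level; State = $levelState
        }

        foreach ($id in $actions.Keys) {
            $value = $props.$id
            # Check for a missing value first: casting $null to [int] gives 0 (Enabled).
            $state = "Other ($value)"
            if ($null -eq $value) { $state = 'Not set in this key' }
            elseif ($states.ContainsKey([int]$value)) { $state = $states[[int]$value] }
            [pscustomobject]@{
                Key = $key; Setting = $actions[$id]
                Value = $value; State = $state
            }
        }
    }
}

Get-InternetZoneAudit | Format-Table -AutoSize -Wrap
```

With the zone set to High, the per-user key should show the security level as High and both settings as Disabled; a value of Enabled or Prompt means the workaround is not in force for that key.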
