Those of you who celebrate Christmas, Microsoft has unwittingly given you a present just in time for the holiday! This figurative lump of coal comes in the form of an Internet Explorer vulnerability that could allow attackers to execute code on your system remotely.
The Microsoft security advisory says that the flaw is related to a CSS function in IE, and it affects all currently supported versions of the browser across all platforms – IE 6, 7 and 8 on Windows XP, Vista, 7, Server 2003, Server 2008, and Server 2008 R2. A user would have to navigate to an infected Web page for an attacker to gain control of the system.
Microsoft currently lists several “mitigating factors” that limit the impact of the exploit, though none completely fix the issue. Here are the most important:
Windows Vista and Windows 7's Protected Mode will provide only limited access to any attacker who gains control of a compromised system. Windows XP users, of course, have no such protection.Internet Explorer on all Windows Server systems runs with very high security settings enabled by default, which should prevent the issue from affecting those systems unless the settings have been changed, or if a compromised site has been added to the list of Trusted Sites.If the system is compromised, the attacker can only run code with the same privileges as the logged-in user. Thus, as usual, standard users are more protected than those with administrative rights.No software patch yet exists for the issue, but Microsoft appears to be working on it. If no out-of-band patch is released in the next couple of weeks, I’d expect this issue to be fixed on January’s Patch Tuesday.
As always, we recommend that all users exercise caution in clicking on links of unknown origin, and that they all run anti-virus software to keep their systems protected. Stay safe, and may your computers make it through the holiday season un-hacked!
Source: Microsoft Technet
Tags: internet explorer, security, windowsCategory: Windows 7 NewsNext Post: Windows 7 Family Pack Sales Ending December 31st »»Prev Post: Should There Be A Tablet Version Of Windows 7? »»
About Andrew Cunningham: Andrew Cunningham is a rarity - an IT professional with a liberal arts degree. Please don't hold that against him. When he's not supporting the faculty and staff of Kenyon College, he's writing about games, music and movies at his other blog, Charge Shot!!! View posts.
0 komentar:
Posting Komentar