Microsoft released Security Advisory 2887505 which relates to an issue with Internet Explorer.
It is important to note that there are a limited number of targeted attacks which are specifically directed at Internet Explorer 8 and 9. The issue, however, could potentially affect all supported versions of IE.
As described by Dustin Childs in the below-referenced MSRC Blog post,
"This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message."
MitigationsMicrosoft has made available a Fix it solution for users of Internet Explorer. Additional mitigations include the following advice, also from the MSRC Blog post:
- Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
- Configure Internet Explorer
to prompt before running Active Scripting or to disable Active Scripting
in the Internet and local intranet security zones
This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
|Apply Fix it||Uninstall Fix it|
Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory.
If you have Windows Vista or Windows 7 installed, you should have updated to IE9 or IE10. In the event you haven't, it is strongly advised that you update!
- Microsoft KB Article 2887505: Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution
- MSRC: Microsoft Releases Security Advisory 2887505
- Security Research & Defense: CVE-2013-3893: Fix it workaround available
- Tech Net Advisory: Microsoft Security Advisory (2887505): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...