Tuesday, September 18, 2012

Microsoft Security Advisory 2757760

Security Advisory
Microsoft released Security Advisory 2757760 to address an issue that affects all versions of Internet Explorer except IE10.

Current exploits of this vulnerability occur with Internet Explorer using third-party software, most particularly Oracle’s Java, when visiting a website hosting malicious code.

Update:  It was reported at the MSRC Blog that a Microsoft Fix it solution will be issued within the next few days.  In the interim, it was also stated that this vulnerability is currently not widespread.  See the update at Additional information about Internet Explorer and Security Advisory 2757760.

Recommendations:

Uninstall Java -- Most home computer users no longer need Java.  Following are reasons why someone may need Oracle Sun Java installed on their computer:

  • Playing on-line games generally requires Java.
  • With OpenOffice, Java is needed for the items listed  here
  • It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
  • There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.
If you need Java, be sure you have uninstalled all old, vulnerable versions and have only the most recent release installed on your computer.

Install and configure EMET -- The Enhanced Mitigation Experience Toolkit was designed to help prevent hackers from gaining access to your system. It prevents exploitation by applying in-box mitigations such as DEP to configured applications.

The simple steps needed to add iexplore.exe to EMET and other actions are provided in the "Suggested Actions" section of the Security Advisory.  When checking EMET, I was pleased to see that I had already added iexplore.exe. 


References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

1 comment:

  1. Microsoft Fix-it 50939 , "Prevent Memory Corruption via ExecCommand in Internet Explorer,", that prevents exploitation of this issue, has been released and can be downloaded from:

    http://support.microsoft.com/kb/2757760

    Note: As this temporary Fix-it is not intended to be a replacement for any "permanent" security update eventually released, please be sure to also download and save the "UNdo" Fix-it 50938 so as to be able to UNdo this Fix-it in the future, prior to installing the "permanent" fix.

    ReplyDelete

Neither spam nor comments containing vulgarities will be approved.