Microsoft released Security Advisory 2757760 to address an issue that affects all versions of Internet Explorer except IE10.
Current exploits of this vulnerability occur with Internet Explorer using third-party software, most particularly Oracle’s Java, when visiting a website hosting malicious code.
Update: It was reported at the MSRC Blog that a Microsoft Fix it solution will be issued within the next few days. In the interim, it was also stated that this vulnerability is currently not widespread. See the update at Additional information about Internet Explorer and Security Advisory 2757760.
Recommendations:
Uninstall Java -- Most home computer users no longer need Java. Following are reasons why someone may need Oracle Sun Java installed on their computer:- Playing on-line games generally requires Java.
- With OpenOffice, Java is needed for the items listed here.
- It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
- There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.
Install and configure EMET -- The Enhanced Mitigation Experience Toolkit was designed to help prevent hackers from gaining access to your system. It prevents exploitation by applying in-box mitigations such as DEP to configured applications.
The simple steps needed to add iexplore.exe to EMET and other actions are provided in the "Suggested Actions" section of the Security Advisory. When checking EMET, I was pleased to see that I had already added iexplore.exe.
References:
- MSRC: Microsoft Releases Security Advisory 2757760
- Tech Net Advisory: Microsoft Security Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code Execution
- Download: EMET (Enhanced Mitigation Toolkit v3.0)
1 comment:
Microsoft Fix-it 50939 , "Prevent Memory Corruption via ExecCommand in Internet Explorer,", that prevents exploitation of this issue, has been released and can be downloaded from:
http://support.microsoft.com/kb/2757760
Note: As this temporary Fix-it is not intended to be a replacement for any "permanent" security update eventually released, please be sure to also download and save the "UNdo" Fix-it 50938 so as to be able to UNdo this Fix-it in the future, prior to installing the "permanent" fix.
Post a Comment