Tech Flash - Internet Explorer 0-day


Wednesday, March 23, 2010: Microsoft recently released a Security Advisory for a critical vulnerability in Internet Explorer that could allow remote code execution.

http://www.microsoft.com/technet/security/advisory/981374.mspx

The exploit primarily impacts Internet Explorer 6 and Internet Explorer 7. The latest version of the browser - Internet Explorer 8 - does not appear to be affected by this vulnerability. The exploit code has been posted publicly, which will lead to an increase in the number of attacks.

If you are using the Milton Security Edge7200 or EdgeWall 7000 appliances on your network, the following options are available to ensure that your network remains Operational and Secure:

Network Control: If you do not have control over the browsers used by your clients, prevent those clients from accessing critical resources with the granular access control features on the Milton Security Edge7200.

Endpoint Visibility: Utilize the Endpoint Scanning features to verify Internet Explorer 8 is installed - or - that DEP (Data Execution Prevention) is enabled on your client devices.

Host based solutions to address this vulnerability include:

    Upgrade to Internet Explorer 8

    Follow the multiple workaround steps provided by Microsoft

    -Modify iepeer.dll file
    -Adjust Active Scripting settings
    -Set Security Zones
    -Enable DEP

The 'Workarounds' section in the Microsoft Security Advisory (981374) has further details.

For further details on how you can keep this vulnerability from being exploited on your network, contact Milton Security Support Group at support@miltonsecurity.com.

Milton Security Group, LLC
111 North Harbor Blvd., Suite D
Fullerton, CA 92832
Main: 888.674.9001
Support: 714.515.4084
www.MiltonSecurity.com
support@miltonsecurity.com

 

  • Copyright © 2007 - 2010 Milton Security Group LLC
  • Tel: 1.888.674.9001 - Fax: 1.714.459.7489
  • Email: info@miltonsecurity.com