Monday

Internet Explorer Zero-Day Exploit Not Dead

You may recall a "zero-day" security vulnerability affecting IE 6,7 and 8 (basically the Internet Explorer versions available to Windows XP users) from  a week or so ago? The one that's NOT being permanently fixed as part of  tomorrow's Patch Tuesday - yes, that one. Well, Microsoft had put out a "FixIt" patch to mitigate the effects of the vulnerability. Unfortunately, that patch was not as good as they probably hoped, and ways around it have already been figured out by security researchers - and probably The Bad Guys. So what now? We'll no doubt see a proper patch from Microsoft at some point, and they also point to their EMET toolkit - not really meant for everyday users, though. So far, the attacks using this method have been pretty targeted, so install the FixIt for now and clench up - you might also install Google Chrome or Mozilla Firefox and use that as your primary browser...


patch

No comments :