Secure IT Alert for Monday, January 31, 2011
Microsoft has announced in Security Advisory 2501696 that they are investigating a potential vulnerability that may exist in ALL current supported editions of Microsoft Windows (Including Windows 7, Server 2008, Vista, XP and Server 2003). In fact, the only version that may not be affected would be the Server Core installations.
According to the bulletin, Microsoft is aware of the “proof-of-concept” code that has been released, so they are looking into it further, though they have seen no “active exploitation of the vulnerability”.
MHTML is the culprit and apparently, it IS possible (under certain conditions) for the vulnerability to allow an attack to inject client-side scripts in the response of a web request run in the context of the user’s Internet Explorer. The script could then spoof content, disclose personal information or emulate any action that the user could actually take on the affected web site. (IE, make selections, input data, etc).
What can you do to protect yourself? According to MS, you could lock down MHTML, set your internet security zone settings to “high” to block ActiveX controls and Active Scripting (in IE, Tools, Internet Options, Security, Internet, Security level for this zone and set slider to High). You could also set IE to prompt before running “Active Scripting” or disable “Active Scripting” all together in the Internet and Local intranet security zone. (In IE, Tools, Internet Options, Security, Internet, CUSTOM LEVEL, then under Settings, find the Scripting section and set Active Scripting to “Prompt” or “Disable”. Same under Local Intranet.). You can then add sites that you trust to the IE Trusted sites zone.
Use of an anti-virus software package like Trend Micro Titanium or Trend Micro Worry-Free Business Security which has the ability to watch web traffic is HIGHLY recommended. And of course, you could use an alternative browser, such as Google Chrome, or Mozilla Firefox… Many firewalls and security appliances from vendors like Cisco, WatchGuard and SonicWALL have the ability to block this type of traffic as well.
If you have questions or concerns about your personal computer or an entire business network in the Greenville / Upstate, SC area, please call 864.990.4748 or email firstname.lastname@example.org
More information is available here: http://www.dailymail.co.uk/sciencetech/article-1352271/Microsoft-security-flaw-affects-900m-people-using-Internet-Explorer.html