Computer Safety Tip

Microsoft talks up countermeasures to fend off new IE attacks

December 19, 2008 Computer Safety Tip

MicroSoft Corp has warned users of Internet Explorer 7 (IE7) that attackers are actively using a critical bug in the browser, and to take countermeasures in lieu of a patch. Users running IE7 in Windows XP, Windows Vista, Windows Server 2008 and Windows Server 2008 are at risk.
Three things IE7 users can do to protect themselves:
1.    Set”Internet”and “Local Internet” security zones to “high”. Users must select “Internet Options” from Tools menu, click the Security tab, click on “Internet”, then move the slider to “High” setting. Repeat for “Local Internet”. Click OK.
2.    Disable Active Scripting. Choose “Internet Options” from Tools menu, click the Security tab, click “Internet” icon and then the “Custom level” button. In the ensuing dialog, under the “Scripting” section, in the “Active scripting” item, click “Disable”, then OK.
3.    Enable DEP (data execution prevention). Select “Internet Options” from Tools menu, click the Advanced tab, then check “Enable memory protection to help mitigate online attacks”. Click OK.

While multiple exploits have surfaced, all are effective against IE7.  Microsoft and other re-searches are still exploring whether the older IE6 also contains the same vulnerability.
If IE6 does not turn out to be vulnerable to attack, users can protect themselves  by switching on DEP in the operating system.
Because IE6 lacks a DEP setting, users running Windows XP, both Service Pack 2 (SP2) and SP3, must turn it on in the operating system instead. To do so, right click”My Computer”, select”Properties” from the ensuing menu, click the”Advanced” tab. Under the”Performance” section, click the”Settings” button, then the”Data Execution Prevention” tab.”Turn on DEP for all programs and services except those I select:”and click OK. IE8, which is the Beta 2 at the moment, enables DEP by default.

Tags: ie, IE atack, Microsoft