Vulnerability affects: All Internet Explorer Versions.
How an attacker exploits it: Microsoft says: "This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message"
Impact: In the worst case, an attacker can execute code on your user’s computer, potentially gaining complete control of it.
The ‘Fix it' applies only to 32-bit versions of Internet Explorer. If you are running 64-bit, the ‘Fix it' cannot be applied.
1) "Enable the MHTML protocol lockdown"
2) "Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones"
3) "Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone."
In its advisory, Microsoft said that it was actively working to release a patch for the issue, either in its next monthly security update – due out Oct. 8 – or in an out-of-cycle release.
Clients with our Proactive Solution to Patch Management Automatically get the Updates.
Contact us to find out how you can become "Proactive" instead of "Reactive".
No comments:
Post a Comment