New Microsoft Security Advisory Published (979352)
Microsoft has just published a new security advisory. This advisory affects Internet Explorer and can lead to remote code execution on machines. There have been reports of limited targeted attacks which makes this a zero-day exploit as there is no patch available yet for this vulnerability.
Microsoft has posted a couple of workarounds to help mitigate this risk:
- Set your Internet Security Zone settings to "High" for ActiveX Controls and Active Scripting
- Set Internet Explorer to prompt or disable Active Scripting
- Enable DEP for Internet Explorer
With a vulnerability like this, it is very important to be aware of phishing attempts through email, instant messaging or Internet sites.
Because this affects Internet Explorer and is a zero-day exploit, we can probably expect an out-of-band patch release in the coming days/weeks before February's patch Tuesday.
This could be related to the Google breach reported a few days ago as the advisory page cites Acknowledgements to Google, Adobe and McAfee.
- Jason Miller