Internet Explorer Web Browser Security Bug Reported - SSO-AL2010-004

15 January 2010

Software and platforms affected

The following software is affected

Internet Explorer 8
Internet Explorer 7
Internet Explorer 6

for the following operating systems:

Windows 7
Windows Server 2008
Windows Vista
Windows Server 2003
Windows XP
Windows 2000

What is the problem?

There is a bug in versions 6, 7 and 8 of the Microsoft Internet Explorer web browser, which could result in your computer being attacked by criminals. This bug is being actively exploited by criminals at present.

What we recommend you do

Microsoft is still investigating the bug, therefore a fix is not yet available. The following options are available to help protect your computer until Microsoft releases an update:

Follow the instructions in the Microsoft bulletin to increase the security level of Internet Explorer and only allow known trusted sites to be unrestricted. Note that you may have to undo these changes once an update is available.
Install the Microsoft FixIt to enable data execution prevention, which will help stop criminals from using this vulnerability. Note that you may have to uninstall the FixIt once an update is available.
If you do not wish to install the temporary fixes mentioned above, consider using an alternate web browser (Mozilla Firefox, and Apple Safari are two such browsers) until an update becomes available. If you choose to install a different web browser remember to click "yes" when it asks to be set as the default. The following guidelines will assist you in setting the default browser if you are not prompted to do so, or already have another browser installed that is not the default:
http://www.ssoalertservice.net.au/content/doc/January_2009.pdf

Where you can find more information

http://www.microsoft.com/technet/security/advisory/979352.mspx
http://support.microsoft.com/kb/979352

Disclaimer

This Alert has been prepared by AusCERT for the Department of Broadband, Communications and the Digital Economy.

The information is intended for used by home users and small to medium sized businesses and is general information only and not intended as advice and was accurate and up to date at the time of publishing. The material and information in this Alert is not adapted to any particular person's circumstances and therefore cannot be relied upon to be of assistance in any particular case. In any important matter, you should seek professional advice relevant to your own circumstances.

The Commonwealth, AusCERT, and all other persons associated with this Alert accept no responsibility or liability for information either included or referred to in the Alert. No responsibility or liability is accepted for any damage, loss or expense incurred as a result of the information contained in the Alert, whether by way of negligence or otherwise.

The listing of a person or organisation in any part of this site or Alert does not imply any form of endorsement by the Commonwealth of the products or services provided by that person or organisation. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.

Please note that material in this Alert, as the case may be, includes views or recommendations of third parties, which do not necessarily reflect the views of the Commonwealth, or indicate its commitment to particular course of action. Material on this site or in this Alert may also include information provided by third parties. The Commonwealth cannot verify the accuracy of information that has been provided by third parties.

		SEARCH
Home Advisories Alerts Newsletters Subscribe or Log In Visit Stay Smart Online	Larger text Smaller text You are here: Stay Smart Online Alert Service > Client applications > Internet Explorer Web Browser Security Bug Reported - SSO-AL2010-004 Internet Explorer Web Browser Security Bug Reported - SSO-AL2010-004 15 January 2010 Software and platforms affected The following software is affected Internet Explorer 8 Internet Explorer 7 Internet Explorer 6 for the following operating systems: Windows 7 Windows Server 2008 Windows Vista Windows Server 2003 Windows XP Windows 2000 What is the problem? There is a bug in versions 6, 7 and 8 of the Microsoft Internet Explorer web browser, which could result in your computer being attacked by criminals. This bug is being actively exploited by criminals at present. What we recommend you do Microsoft is still investigating the bug, therefore a fix is not yet available. The following options are available to help protect your computer until Microsoft releases an update: Follow the instructions in the Microsoft bulletin to increase the security level of Internet Explorer and only allow known trusted sites to be unrestricted. Note that you may have to undo these changes once an update is available. Install the Microsoft FixIt to enable data execution prevention, which will help stop criminals from using this vulnerability. Note that you may have to uninstall the FixIt once an update is available. If you do not wish to install the temporary fixes mentioned above, consider using an alternate web browser (Mozilla Firefox, and Apple Safari are two such browsers) until an update becomes available. If you choose to install a different web browser remember to click "yes" when it asks to be set as the default. The following guidelines will assist you in setting the default browser if you are not prompted to do so, or already have another browser installed that is not the default: http://www.ssoalertservice.net.au/content/doc/January_2009.pdf Where you can find more information http://www.microsoft.com/technet/security/advisory/979352.mspx http://support.microsoft.com/kb/979352 Disclaimer This Alert has been prepared by AusCERT for the Department of Broadband, Communications and the Digital Economy. The information is intended for used by home users and small to medium sized businesses and is general information only and not intended as advice and was accurate and up to date at the time of publishing. The material and information in this Alert is not adapted to any particular person's circumstances and therefore cannot be relied upon to be of assistance in any particular case. In any important matter, you should seek professional advice relevant to your own circumstances. The Commonwealth, AusCERT, and all other persons associated with this Alert accept no responsibility or liability for information either included or referred to in the Alert. No responsibility or liability is accepted for any damage, loss or expense incurred as a result of the information contained in the Alert, whether by way of negligence or otherwise. The listing of a person or organisation in any part of this site or Alert does not imply any form of endorsement by the Commonwealth of the products or services provided by that person or organisation. Similarly, links to other web sites have been inserted for your convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service. Please note that material in this Alert, as the case may be, includes views or recommendations of third parties, which do not necessarily reflect the views of the Commonwealth, or indicate its commitment to particular course of action. Material on this site or in this Alert may also include information provided by third parties. The Commonwealth cannot verify the accuracy of information that has been provided by third parties.
	Last Updated: 2010-01-15 Copyright \| Privacy \| Disclaimer