/build/static/layout/Breadcrumb_cap_w.png

New I.E. Zero Day Exploit - Turn off Active Scripting

There is a New IE hole, you can read more about here.
http://isc.sans.org/diary.php?storyid=1226
http://www.microsoft.com/technet/security/advisory/917077.mspx
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=451
http://www.eeye.com/html/research/alerts/AL20060324.html

So I'm going to use GPO to turn off Active Scripting on all my computers.
Is there any side affect of turning off active scripting?

Thanks....

0 Comments   [ + ] Show comments

Answers (1)

Posted by: rahvintzu 18 years ago
Orange Senior Belt
0
The official patch will be released mid april during normal release cycle.
It may get pushed fwd so keep an eye on ms.

If u turn off active scripting it will disable java (virtual machine), activex, vbscript and Jscript.
If u want to go down this path then make sure u apply this to ur zones, and have ur corporate sites listed as in the trusted zone.

This flaw actually requires u to visit a site.
The main way of getting hit currently is via spam with embedded links, so a client needs to click the link (user education).

Most antispyware/antivirus will detect the trojan that loads from this attack.
The original posting can be found here:
http://secunia.com/advisories/18680/

Remeber security is all about risk management.
You will need to weigh up if the risk is high enough to suffer a loss of service for ur clients. eg some sites will not work, eg internet banking, e commerce etc.
This loss of business funtion needs to balanced with the chance of it occuring, and the impact of it occuring.... ahh the lovely seesaw.

Regards
Rahvintzu
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ