Alfred's New Ramblings

Vulnerability in Microsoft Internet Explorer

Hmm another Microsoft Security Advisory.  This time, strangely it affects Internet Explorer  6 to 9. That is nearly all versions.  The vulnerability seems to be quite unique.  It could allow the hacker to perform remote code execution on websites.

The mitigation is more than the usual turn off the ActiveX until the patch is out. It require users involve installing a “Enhanced Mitigation Experience Toolket” or EMET.

This complexity led to some tech websites encouraging users to change browsers. link  This is easier said than done.  Corporate users need Internet Explorer to access Sharepoint, SSRS, CRM etc.  Telling them to use another browser for Internet related work is an exercise in futility.

On another note, KB articles are now 8 digits!

Advisory here. 2757760

EMET KB here 2458544

Update 10 Oct 12

The Security Update that you should install is here link  This is for Internet Explorer 7, 8 and 9 across all operating systems.  Internet Explorer 6?  Why are you still using this?