Active Exploit of Internet Explorer

Brian Krebs, in his “Security Fix” blog at the Washington Post, has an article describing a newly discovered security vulnerability in Microsoft’s Internet Explorer running on Windows XP or Windows Server 2003.  The problem is in a dynamic link library (.dll file) used by Internet Explorer in processing video content.  The vulnerability is serious, and can be used to attack any system that visits a compromised Web site.  The SANS Institute is reporting that a large number of otherwise legitimate Web sites have been compromised with infected files.

According to the Microsoft Security Advisory, Windows Vista and Server 2008 are not affected.  Microsoft has not yet released a patch for the affected software, but there is a work-around which will disable the dangerous video control.  The manual work-around, which requires editing the Registry (not for the faint-of-heart or the ten-thumbed), is in the “Suggested Actions / Workarounds” section of the advisory.  Alternatively, you can download a small installer file that does the same thing; an uninstaller is also available.  According to Microsoft, functions other than video playback should not be affected.  The Security Advisory has more details.

Because this seems to be spreading, and because code to exploit the vulnerability is publicly available, I recommend implementing the work-around as soon as possible.
