Microsoft Urges Internet Explorer users to Protect Against Targeted Attacks
On Monday night, Microsoft urged users of Internet Explorer 9 and earlier versions to deploy a toolkit that could help protect against a series of attacks hitting its system.
It was revealed earlier in the day by security forum Rapid7 that Internet Explorer was hit with a new zero-day exploit, which takes advantage of a security hole within websites to carry out attacks. This means that anyone using IE to visit a website that has malicious links could have their computer compromised.
The exploit is said to affect Windows XP, Vista and 7 systems.
“We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue,” Microsoft said in a company blog.
The company said consumers using IE are protected when using workarounds and mitigations, such as deploying its Enhanced Mitigation Experience Toolkit (EMET). This tookit aims to protect against this issue and should not affect usability of websites.
Microsoft said users should also set their Internet and local intranet security zone settings to “high” to block ActiveX Controls and Active Scripting.
“This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption,” the company said.
It also told users that it is still looking into the issue, and will keep them posted as new information surfaced.
“We are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog and on Twitter at @MSFTSecResponse,” the company said. “We also encourage folks to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders.”