Microsoft: Exploit affects all IE versions; Security Advisory (961051) updates

A revision to Microsoft Security Advisory (961051) with the latest information from ongoing work around this issue is posted. While the known attacks are only targeting Internet Explorer 7, we have found that the underlying vulnerability affects all currently supported versions of Internet Explorer. We have updated the advisory to include this information. We’ve also added […]

A revision to Microsoft Security Advisory (961051) with the latest information from ongoing work around this issue is posted. While the known attacks are only targeting Internet Explorer 7, we have found that the underlying vulnerability affects all currently supported versions of Internet Explorer. We have updated the advisory to include this information.

We’ve also added additional workarounds to the advisory and updated our guidance to recommend that you evaluate implementing two of the workarounds together for the most effective protection. Specifically, we’re recommending both setting the Internet zone security setting to High and using ACLs to disable Ole32db.dll. Our research so far has shown that these two steps together provide the most effective protections for this issue.

We have also seen some trending that may indicate attempts to utilize SQL injection attacks against Websites to load attack code on those websites. If you’re a website operator, you might want to review Microsoft Security Advisory (954462) which provides information on tools you can use to analyze your Website’s code to help protect against SQL Injection attacks, reports MSRC