Internet Explorer – new vulnerability makes it just too dangerous to use

There’s a very serious problem with all versions of Internet Explorer on all versions of Windows. See here for the osvdb entry.

In simple terms, it involves pages with Flash content, and all you’ve got to do is open a page on a dodgy web site and it’s game over for you. There’s no patch for it.

Microsoft’s advice can be found in this technet article. It’s pathetic. Their suggested work-around is to deploy the Microsoft Enhanced Mitigation Experience Toolkit (EMET). Apparently this is a utility that “helps prevent vulnerabilities in software from successfully being exploited by applying in-box mitigations”. Microsoft continues “At this time, EMET is provided with limited support and is only available in the English language.”

Here’s my advice – just don’t use Internet Explorer until its been fixed.

Update

21-Sep-12

Microsoft has released a fix for this. SeeĀ MS Security Bulletin MS 12-063.

If you have a legitimate copy of Windows this will download and install automatically, eventually. Run Windows Update manually to get it now – unfortunately it will insist on rebooting after installation.

 

Leave a Reply

Your email address will not be published. Required fields are marked *