How to Prepare for Microsoft Certifications Earning a Microsoft Certification could be the beginning or continuation of an enduring career that will include the strengthening of their technical skills, collaboration with other professionals ...

Readmore

Prometric offers vouchers of up to 25% off ... Hello people, I just received an email from Prometric informing a discount of up to 25% on Microsoft Certifications. The promotion is valid until December 31, 2009 or even last for the ...

Readmore

50% discount on Microsoft Certifications to ... Hello guys, Prometric is providing for students a 50% discount on Microsoft certifications. The promotion is valid until June 30, 2010. For more details visit the ...

Readmore

Book - Administration and Maintenance Environment ... Hello people, For those who are preparing for the exam 70-290 book Administration and Maintenance Environment Microsoft Windows Server 2003 is a great material. I recommend.

Readmore

Prometric offers vouchers of up to 25% off ... Hello people, I just received an email from Prometric informing a discount of up to 25% on Microsoft Certifications. The promotion is valid until December 31, 2009 or even last for the ...

Readmore

twitter

Twitter Facebook

Vulnerability Alert - Internet Explorer (Updated)

Posted by Luciano Lima | Comments: (0)

Category: Security

Tags: , , , , , ,

Microsoft announced on 14 January the Security Advisory 979352 regarding a vulnerability in Internet Explorer 6.0 Service Pack 1, Internet Explorer 7 and Internet Explorer 8. This vulnerability can be exploited by a malicious Web page and allows to run the same code with user privileges.

This vulnerability was used in targeted attacks against Google Inc. and other companies in the People's Republic of China. Microsoft is not aware yet of wider use of this vulnerability in the Internet.

Microsoft is working on developing a fix for the problem to be available as soon as possible, including possibly disclose it outside the normal date (the second Tuesday of each month). So far the following protective actions can be taken:

Protected Mode - In Windows Vista and Windows 7 Internet Explorer by default works in Protected Mode (Protected Mode) to Internet sites, which mitigates the risk of exploitation of this vulnerability. Microsoft recommends that you always can use Protected Mode for Internet browsing.

IE%20PM thumb Alerta de Vulnerabilidade – Internet Explorer (Atualizado)

If the Protected Mode is not activated for Internet sites, you can activate it by opening the Tools menu and then selecting the Internet Options menu. Protected Mode can be enabled on the Security tab, in the image below:

IE%20PM2 thumb Alerta de Vulnerabilidade – Internet Explorer (Atualizado)

Data Execution Prevention - In addition to always use the Protected Mode for Internet browsing, Internet Explorer 7 users are encouraged to enable the Data Execution Prevention (DEP), which makes more difficult the execution of an attack against this vulnerability. The DEP is already enabled by default in Internet Explorer 8.

To enable DEP in Internet Explorer 7, click the Fix It button below. Fix It for the work you must be running Internet Explorer as an administrator (in Vista, right click and select Run as Administrator), and then restart Internet Explorer for the DEP is effectively enabled.

Alerta de Vulnerabilidade – Internet Explorer (Atualizado)

Non-Admin User - To limit the impact of the vulnerability, surf the Internet with a user account other than the administrator of the system.

This blog post will be updated as new information becomes available.

Update (1/15/2009) - The SANS reports that the source code of an exploit for the vulnerability was disclosed on the Internet. This exploit only affects Internet Explorer 6. Newer versions of Internet Explorer have protection mechanisms such as Protected Mode and DEP that make exploitation of the vulnerability more difficult.

pixel Alerta de Vulnerabilidade – Internet Explorer (Atualizado)