As you might have heard by now, Internet Explorer 9 down to version 6 are at risk because of a new security flaw — IE10 on Windows 8 has not been affected –. Microsoft has yet to issue a security update, but until then the company is suggesting some options to temporally deal with this bug.
About the new IE bug, well… It is a security hole that was discovered days ago and it could potentially compromise PCs running Windows 7, Vista, XP SP3 and below, if users browse malicious web pages designed to take advantage of this Internet Explorer’s weakness.
In an article from Microsoft Security Advisory the company is offering details about the problem and it is also advising users to protect themselves from this vulnerability until an update for IE is release.
Four different workaround to deal with the bug
What you should always be doing is advice first:
1. Make sure that you have an antivirus and anti-spyware solution installed and up-to-date, and also make sure that you are using a firewall, either use the one built-in Windows or use a third-party solution.
2. It is also suggested to install the Enhanced Mitigation Experience Toolkit or EMET from Microsoft. The utility is designed to help protect from weakness in software being easily exploited, by adding an extra layer of security that function as an obstacle that whoever writes the malicious software must bypass first.
3. Another option is to modify your Internet and Local Intranet security settings to High. If you want to do this. Open Control Panel, in the search box type Internet Options, from the list results open the Internet Properties, navigates to the Security tab and in the “Security level for this zone” position the slider to High for both zones. Click Apply and then OK.
4. Active Scripting can also be used by setting it to notify in both Local Intranet and Internet. To accomplish this task once again open the Internet Properties and in the Security tab, select the Internet zone, click the Custom Level button. Then scroll down and under the Scripting section, set the Active scripting option to Prompt, and click OK. Remember to do the same for the Local Intranet zone.
According to the company these workarounds could help prevent users from loading websites that can harm their computers with this security hole.
Changing the settings will actively trigger an unpleasant message every time the user stumble upon a web page that make use of the ActiveX control prompting to allow or block the web page. However, you can always opt not to use Internet Explorer, until a fix is release. Options are all around, you can use Google Chrome or Firefox as alternative web browsers among others. This is a pretty easy thing to do if you are a normal user, but the challenge comes when companies depend on IE to access their web applications.
Source Microsoft Security TechCenter via Cnet