November 22nd, 2005
An irresponsible British company released details of a [tag]vulnerability[/tag] along with demonstration code yesterday which puts users of [tag]Internet Explorer[/tag] (6.0 and 5.5, irrespective of whether XP SP2 is installed) at risk. As of today, no patch exists for this issue so people are understandably worried about the risks.
Here's a simple way that you can protect yourself - disable [tag]Active Scripting[/tag]. I'll show you how it's done!
Follow these simple steps:
- Fire up Internet Explorer
- Click on Tools followed by Internet Options ...
- Click on the Security tab and then click on Internet and then Custom Level...
- In the Security Settings window scroll down to Scripting.
- Make the following three changes:
- Click OK.
- The problem with the changes that you've made is that this change will break a number of legitimate websites that rely on scripting. You can overcome this as follows
Click on Trusted sites and then the Sites... button.
- Add the domain name of the website (this is the pcdoctor-guide.com part and doesn't include the www part, replace this with *) to the Add this Web site to the zone: text box. Remember to add the *. to the beginning (to make it work across the whole domain) and click Add (uncheck the Requires server verification (https:) for all sites in the zone).
- Click OK and OK and close the browser. You are now protected against the vulnerability.
This should now keep you safe until [tag]Microsoft[/tag] releases a patch, after which you can reverse the changes shown here.
This entry was posted on Tuesday, November 22nd, 2005 at 13:20 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.