November 22nd, 2005
An irresponsible British company released details of a vulnerability along with demonstration code yesterday which puts users of Internet Explorer (6.0 and 5.5, irrespective of whether XP SP2 is installed) at risk. As of today, no patch exists for this issue so people are understandably worried about the risks.
Here's a simple way that you can protect yourself - disable Active Scripting. I'll show you how it's done!
Follow these simple steps:
- Fire up Internet Explorer
- Click on Tools followed by Internet Options ...
- Click on the Security tab and then click on Internet and then Custom Level...
- In the Security Settings window scroll down to Scripting.
- Make the following three changes:
- Click OK.
- The problem with the changes that you've made is that this change will break a number of legitimate websites that rely on scripting. You can overcome this as follows
Click on Trusted sites and then the Sites... button.
- Add the domain name of the website (this is the pcdoctor-guide.com part and doesn't include the www part, replace this with *) to the Add this Web site to the zone: text box. Remember to add the *. to the beginning (to make it work across the whole domain) and click Add (uncheck the Requires server verification (https:) for all sites in the zone).
- Click OK and OK and close the browser. You are now protected against the vulnerability.
This should now keep you safe until Microsoft releases a patch, after which you can reverse the changes shown here.
This entry was posted on Tuesday, November 22nd, 2005 at 13:20 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.