Protecting yourself against the latest Internet Explorer vulnerability

November 22nd, 2005

An irresponsible British company released details of a [tag]vulnerability[/tag] along with demonstration code yesterday which puts users of [tag]Internet Explorer[/tag] (6.0 and 5.5, irrespective of whether XP SP2 is installed) at risk.  As of today, no patch exists for this issue so people are understandably worried about the risks.

Here's a simple way that you can protect yourself - disable [tag]Active Scripting[/tag].  I'll show you how it's done!

Follow these simple steps:

  1. Fire up Internet Explorer
  2. Click on Tools followed by Internet Options ...
    IE disable Active Scripting 1
  3. Click on the Security tab and then click on Internet and then Custom Level...
    IE disable Active Scripting 2
  4. In the Security Settings window scroll down to Scripting.
    IE disable Active Scripting 3
  5. Make the following three changes:
    IE disable Active Scripting 4
  6. Click OK.
  7. The problem with the changes that you've made is that this change will break a number of legitimate websites that rely on scripting.  You can overcome this as follows
    Click on Trusted sites and then the Sites... button.
    IE disable Active Scripting 5
  8. Add the domain name of the website (this is the part and doesn't include the www part, replace this with *) to the Add this Web site to the zone: text box.  Remember to add the *. to the beginning (to make it work across the whole domain) and click Add (uncheck the Requires server verification (https:) for all sites in the zone).
    IE disable Active Scripting 6
  9. Click OK and OK and close the browser.  You are now protected against the vulnerability.

This should now keep you safe until [tag]Microsoft[/tag] releases a patch, after which you can reverse the changes shown here.

More Information!

Microsoft advisory here and coverage on the Washington Post Security Fix blog here.

This entry was posted on Tuesday, November 22nd, 2005 at 13:20 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

One Response to “Protecting yourself against the latest Internet Explorer vulnerability”

  1. The PC Doctor » Blog Archive » More flaws plague Internet Explorer Says:

    [...] What can you do?  Well, you can disable Active Script.  the other option open to you is to download an alternative browser (such as Firefox or Opera).  [...]