Microsoft yesterday warned Internet Explorer 9 (IE9) users of possible attacks to their Web browsers, citing complaints from a number of its users.
The Security Advisory 2757760 claims an issue is affecting Internet Explorer 9 and earlier versions, with a vulnerability leaving users susceptible to maliciously hosted websites. Internet Explorer 10, however, remains resistant to the attacks.
“We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue,” Yunsun Wee, Director,Trustworthy Computing Group for Microsoft, said in a post.
According to Microsoft, users of Internet Explorer 9 and below should deploy the Enhanced Mitigation Experience Toolkit (EMET) as it will help prevent exploitation by providing mitigations to help protect against the attacks.
The new zero-day exploit affected Windows XP, Vista and 7 systems and might affect any Internet Explorer users when visiting a website with malicious links, Mashable reported.
Users are also asked to set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones which are said to help prevent exploitation.
Users should in addition only add trusted sites to the Internet Explorer Trusted Sites zone to minimise disruption.
Before running Active Scripting, users are further asked to configure Internet Explorer to prompt or to disable Active Scripting in the Internet and local intranet security zones, as it will prevent exploitation.
Microsoft says that by deploying the Enhanced Mitigation Experience Toolkit, it will help prevent a malicious website from attacking the browser.
“EMET in action is unobtrusive and should not affect customers’ Web browsing experience. We are monitoring the threat landscape very closely and will post more updates,” the firm said.
In the meantime, Microsoft urges Internet users to follow the “Protect Your Computer” instructions by enabling Firewalls, applying software updates and installing antivirus and antispyware software. Users are also warned to be cautious when visiting websites and avoid clicking on suspicious links or opening email messages from unfamiliar senders.
