Thu, Dec 11 2008 4:46
Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008
is investigating new public reports of attacks against a new
vulnerability in Internet Explorer. Our investigation so far has shown
that these attacks are against Windows Internet Explorer 7 on supported
editions of Windows XP Service Pack 2, Windows XP Service Pack 3,
Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2,
Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.
this time, we are aware only of limited attacks that attempt to use
this vulnerability. Our investigation of these attacks so far has
verified that they are not successful against customers who have
applied the workarounds listed in this advisory. Additionally, there
are mitigations that increase the difficulty of exploiting this
We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance
(MSRA) programs to provide information that they can use to provide
broader protections to customers. In addition, we’re actively working
with partners to monitor the threat landscape and take action against
malicious sites that attempt to exploit this vulnerability.
are actively investigating the vulnerability these attacks attempt to
exploit. We will continue to monitor the threat environment and update
this advisory if this situation changes. On completion of this
investigation, Microsoft will take the appropriate action to protect
our customers, which may include providing a solution through a service
pack, our monthly security update release process, or an out-of-cycle
security update, depending on customer needs.
to encourage customers to follow the "Protect Your Computer" guidance
of enabling a firewall, applying all software updates and installing
anti-virus and anti-spyware software. Additional information can be
found at Security at home.
Protected Mode in Internet Explorer 7 in Windows Vista limits the impact of the vulnerability.
By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration.
This mode sets the security level for the Internet zone to High. This
is a mitigating factor for Web sites that you have not added to the
Internet Explorer Trusted sites zone. See the FAQ subsection of this
vulnerability section for more information about Internet Explorer
Enhanced Security Configuration.
attacker who successfully exploited this vulnerability could gain the
same user rights as the local user. Users whose accounts are configured
to have fewer user rights on the system could be less affected than
users who operate with administrative user rights.
Currently known attacks cannot exploit this issue automatically through e-mail.
Filed under: Advisories / Bulletins