W1.2 Operating Systems Affected
Internet Explorer 5.x and 6.x running on Windows 98/ME/SE, Windows NT Workstation and Server, Windows 2000 Workstation and Server, Windows XP Home and Professional, and Windows 2003 are all potentially vulnerable.
W1.3 CVE Entries
CVE-2005-2831,
CVE-2006-0020,
CVE-2006-1185,
CVE-2006-1186,
CVE-2006-1188,
CVE-2006-1189,
CVE-2006-1245,
CVE-2006-1303,
CVE-2006-1313,
CVE-2006-1359,
CVE-2006-1388,
CVE-2006-2218,
CVE-2006-2382,
CVE-2006-2383,
CVE-2006-3450,
CVE-2006-3451,
CVE-2006-3637,
CVE-2006-3638,
CVE-2006-3639,
CVE-2006-3873,
CVE-2006-4868
W1.4 How to Determine If You Are at Risk
Use any vulnerability scanner to check whether your systems are patched against these vulnerabilities. You can also consider using Microsoft Windows Server Update Services (WSUS), Microsoft Baseline Security Analyzer (MBSA), Windows Live Scanner or Systems Management Server (SMS) to check the security patch status of your systems.
W1.5 How to Protect against These Vulnerabilities
If you are using Internet Explorer on your system, the best way to remain secure is to upgrade to Windows XP Service Pack 2. The improved operating system security and Windows Firewall will help mitigate risk. For those unable to use Windows XP with Service Pack 2, it is strongly recommended that another browser be used.
It is also recommended to upgrade to version 7 of Internet Explorer, which provides improved security over previous versions. The latest version of Internet Explorer, IE7, is being distributed by Microsoft as a Critical Update (KB926874).
Keep the systems updated with all the latest patches and service packs. If possible, enable Automatic Updates on all systems.
Watching out for Microsoft Security Advisories and implementing the suggested mitigations before a patch becomes available could reduce exposure to zero-day attacks.
To prevent exploitation of remote code execution vulnerabilities at Administrator level, tools like Microsoft DropMyRights can be used to implement "least privileges" for Internet Explorer.
Prevent vulnerable ActiveX components from running inside Internet Explorer via the "killbit" mechanism.
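As an added illustration of the kill-bit mechanism (example script, not part of the original advisory), the following PowerShell checks and sets the kill bit for a control's CLSID. It assumes Microsoft's documented layout: a DWORD value "Compatibility Flags" under the control's CLSID key in the ActiveX Compatibility hive, with bit 0x400 meaning "never load this control in Internet Explorer"; the CLSID used below is a placeholder, and administrator rights are required to write to HKLM.

```powershell
# Added example, not code from the original advisory.
# Kill bit = bit 0x400 of "Compatibility Flags" under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# (on 64-bit Windows the 32-bit IE reads the Wow6432Node copy of this path).
$KillBit  = 0x400
$BasePath = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Test-KillBit {
    param([string]$Clsid)
    $key = Join-Path $BasePath $Clsid
    if (-not (Test-Path $key)) { return $false }
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBit) -ne 0)
}

function Set-KillBit {
    param([string]$Clsid)
    $key = Join-Path $BasePath $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # OR the kill bit into any flags already present so that other
    # compatibility flags set by Microsoft or the vendor are preserved.
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $existing) { $existing = 0 }
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($existing -bor $KillBit) -Force | Out-Null
}

# Placeholder CLSID: substitute the CLSID named in the relevant Microsoft
# security advisory for the control you want to block.
$Clsid = '{00000000-0000-0000-0000-000000000000}'
if (-not (Test-KillBit $Clsid)) { Set-KillBit $Clsid }
"Kill bit set for ${Clsid}: $(Test-KillBit $Clsid)"
```

Test-KillBit can be run on its own across a fleet to verify that an advisory's kill bit has actually been applied rather than assuming the patch took effect.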
Many spyware programs are installed as Browser Helper Objects. A Browser Helper Object or BHO is a small program that runs automatically every time Internet Explorer starts and extends its functionality. Browser Helper Objects can be detected with anti-spyware scanners.
Use Intrusion Prevention/Detection Systems, Anti-virus, Anti-Spyware and Malware Detection Software to block malicious HTML script code.
Windows 98/ME/NT are no longer supported for updates. Legacy users should consider upgrading to Windows XP.
Consider using other browsers such as Mozilla Firefox that do not support ActiveX technology.