Internet Explorer Attack Targets - Best Security Tips offers daily news, information, advices and tips about spyware, adware, viruses, trojans, web vulnerabilities, hackers, other threats    | Register now | Login
   
TIPS NEWS TOOLS DOWNLOADS MALWARE FORUM BOOKS FREE MAGAZINES FREE WEBCASTS & VIDEOS
GFI LANguard Network Security Scanner - Dld 30-day trial! del.icio.us  digg  Furl  NewsVine  Spurl  Blinklist  Ma.gnolia  Reddit  Tailrank  YahooMyWeb 
Best Tips
DIY Windows Security Che...
PHPSecInfo
Web Application Firewall...
How To Secure Your Data ...
Instant Messaging Attack...
Symantec Internet Securi...
Database Software Attac...
How to File Your Tax Sec...
Read FTC Warnings About ...
How To Protect Your Priv...
Security Scanner
Security Categories
 1. Adware/Spyware
 2. Antivirus
 3. Firewall
 4. Phishing
 5. Linux Security
 6. Windows Security
 7. Security Incidents
 8. Web Security
 9. P2P Security
Advertise With Us!
Latest Viruses / Threats
Bugtraq: [SECURITY] [DSA 1630-1] New Linux 2.6.18 packages fix several vulnerabilities
2008/8/21 13:19:33
Bugtraq: [ MDVSA-2008:178 ] xine-lib
2008/8/21 11:36:17
Bugtraq: Null Byte Local file Inclusion in FAR - PHP Project version:1.0
2008/8/21 11:36:17
Bugtraq: [ MDVSA-2008:177 ] xine-lib
2008/8/21 11:36:17
Bugtraq: UPDATE: [ GLSA 200804-22 ] PowerDNS Recursor: DNS Cache Poisoning
2008/8/21 11:36:17
Downloads
 0.Fx MPEG Suite
 1.Daniusoft Video to MP4 Converter
 2.iProtectYou
 3.Deep Ball Defender
 4.Amazing Parrots Screensaver
 5.FlashCam Rebroadcasting server
 6.MysqlDataBackupTool
 7.Photo-Paint 9 script converter
 8.Fast PDF converter
 9.Apex iPod Video Converter Home Edition
Security News
Major Security Hole ...
How Fragmentation Im...
Cyber Security Indus...
LimeWire Under Lawsu...
Microsoft is Guilty ...
HIGH RISK AOL Instan...
The Microsoft-Novell...
The Little Known Se...
Joint Solution Ensur...
Identity theft large...
RSS / Atom Feeds
SANS Top-20 Internet Security Attack Targets: Internet Explorer Attack Targets (2/3)  
Author: Max : 2006/11/20 Printer Friendly Page Tell a Friend
Internet Explorer Attack Targets 

W1.2 Operating Systems Affected
Internet Explorer 5.x and 6.x running on Windows 98/ME/SE, Windows NT Workstation and Server, Windows 2000 Workstation and Server, Windows XP Home and Professional, and Windows 2003 are all potentially vulnerable.

W1.3 CVE Entries
CVE-2005-2831,CVE-2006-0020,CVE-2006-1185,CVE-2006-1186,CVE-2006-1188,CVE-2006-1189,CVE-2006-1245,CVE-2006-1303,CVE-2006-1313,CVE-2006-1359,CVE-2006-1388,CVE-2006-2218,CVE-2006-2382,CVE-2006-2383,CVE-2006-3450,CVE-2006-3451,CVE-2006-3637,CVE-2006-3638,CVE-2006-3639,CVE-2006-3873,CVE-2006-4868

W1.4 How to Determine If You Are at Risk
Use any vulnerability scanner to check whether your systems
are patched against these vulnerabilities. You can also consider using
the Microsoft Windows Server Update Services (WSUS),Microsoft Baseline Security Analyzer (MBSA),Windows Live Scanner or Systems Management Server (SMS) to check the security patch status of your systems.

W1.5 How to Protect against These Vulnerabilities


  • If you are using Internet Explorer on your system, the best way to remain secure is to upgrade to Windows XP Service Pack 2. The improved operating system security and Windows Firewall will help mitigate risk. For those unable to use Windows XP with Service Pack 2, it is strongly recommended that another browser be used.


  • It is also recommended to upgrade to version 7 of Internet Explorer, which provides improved security over previous versions. The latest version of Internet Explorer, IE7, is being distributed by Microsoft as a Critical Update (KB926874)


  • Keep the systems updated with all the latest patches and service packs. If possible enable Automatic Updates on all systems.


  • Watching out for Microsoft Security Advisories and implementing suggested mitigations before the patch becomes available could alleviate exposure to zero day attacks.


  • To prevent exploitation of remote code execution vulnerabilities at Administrator level, tools like Microsoft DropMyRights can be used to implement "least privileges" for Internet Explorer.


  • Prevent vulnerable ActiveX components from running inside Internet Explorer via the "killbit" mechanism.


  • Many spyware programs are installed as Browser Helper Objects. A Browser Helper Object or BHO is a small program that runs automatically every time Internet Explorer starts and extends its functionalities. Browser Helper Objects can be detected with
    Antispyware scanners.


  • Use Intrusion Prevention/Detection Systems, Anti-virus,Anti-Spyware and Malware Detection Software to block malicious HTML script code.


  • Windows 98/ME/NT are no longer supported for updates. Legacy users should consider upgrading to Windows XP.


  • Consider using other browsers such as Mozilla Firefox that do not support ActiveX technology.



 Page: 1 2 3 

Return to Category | Return To Main Index
Identity Theft Protection Services :
LifeLock Identity Theft Prevention Solution
Veracity Credit Optimization Services
Equifax Credit Watch
 Free Credit Report
Identity Truth
Privacy Matters 123



 

HOME | NEWS | SECURITY BLOG | TOOLS | DOWNLOADS | SECURITY BOOKS | TIPS | SITEMAP | TERMS AND CONDITIONS | INTERNET SECURITY SEARCH ENGINE | ADVERTISE ON THIS SITE | CONTACT
Nov '07 | Dec '07 | Jan '08 | Feb '08 | Mar '08 | Apr '08 | May '08 | Jun '08 
Best Security Downloads offers 4000+ free and free to try security downloads