Infocon back to green
After elevating the Infocon to 'Yellow' 24 hours ago, we now switched back to green as there is no new development regarding the Internet Explorer issue.
There is still no fix, and even on our site, which is mostly frequented by users interested in security, 50% of all visitors are likely vulnerable based on them using Internet Explorer with Javascript enabled.
We do not see any use of the exploit "in the wild", but the proof of concept version could trivially be modfied, so the risk persists.
If you use Microsoft Internet Explorer, make sure that you have Javascript turned off. While Windows 2003 is not vulnerable in its default configuration, it may be vulnerable in a more relaxed configuration.
Personal preference: Use Firefox and the "noscript" extension. It will allow you to turn javascript on as needed.
In MSIE, you have the option to have MSIE prompt you whenever a site contains Javascript. This is not only a bit annoying, but the warning that pops up may not get the message across to your users:
There is still no fix, and even on our site, which is mostly frequented by users interested in security, 50% of all visitors are likely vulnerable based on them using Internet Explorer with Javascript enabled.
We do not see any use of the exploit "in the wild", but the proof of concept version could trivially be modfied, so the risk persists.
If you use Microsoft Internet Explorer, make sure that you have Javascript turned off. While Windows 2003 is not vulnerable in its default configuration, it may be vulnerable in a more relaxed configuration.
Personal preference: Use Firefox and the "noscript" extension. It will allow you to turn javascript on as needed.
In MSIE, you have the option to have MSIE prompt you whenever a site contains Javascript. This is not only a bit annoying, but the warning that pops up may not get the message across to your users:
Keywords:
0 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
Diary Archives
Comments