There's a potentially dangerous, unpatched flaw in Internet Explorer lurking around in the wild, but users who want to protect themselves do have some options. Here's a quick guide to some of them.
Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month's regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options.
Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line.
Use Group Policy to propagate .dll disabling: Microsoft's workarounds don't include this time saver, but an independent researcher has posted templates for creating a pair of Group Policy objects that disable (or undo that) for all users of a Windows domain.
Disable Binary and Script Behaviors in IE 6: Another purely defensive move recommended by Microsoft is to turn off this scripting feature within the browser. Note, however, that this only protects against the currently-known exploit, which could, of course, morph into something else entirely.
-- Select Tools|Internet Options in IE
-- Click the "Security" tab
-- Click "Internet," then "Custom Level"
-- In the "ActiveX controls and plug-ins" section, under "Binary and Script Behaviors," click "Disable," and then click OK.
Repeat the last step above, but in the "Local intranet" zone.
Use another browser: Several security researchers and organizations have recommended dumping IE 6 in similar zero-day situations, and this was no different.
"One of the easiest ways might be to use Firefox with a plug-in to allow certain sites (such as windowsupdate.com) to transparently use MSIE to get back the ActiveX functionality without bothering the user over the choice and differences," said the Internet Storm Center in an online alert Wednesday.
Two such plug-ins (called "extensions" in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.
In this case, "another browser" can also mean Internet Explorer 7, which is currently in Release Candidate 1. According to a Microsoft spokesman late Tuesday, IE 7 is not vulnerable to the VML bug.
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.