Vulnerability in Internet Explorer Could Allow Remote Code Execution
Microsoft is investigating reports of limited, targeted attacks against customers of Internet Explorer 6, using a vulnerability in Internet Explorer. Their advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Network Box classifies this as critical, with an exploitability index assessment of 1 (consistent exploit code likely). This is a zero-day vulnerability, with exploit code both highly publicised and generally available. The threat is exploited by Internet Explorer web browsers visiting compromised / malicious websites hosting the exploit. It is not exploitable in modern Outlook mail clients, other than by clicking on a malicious link to launch the Internet Explorer web browser and visit a website
Network Box is actively working with our anti-virus and content filtering partners to release protection as we see exploits. In addition, we have released NBIDPS signature IPS-1-300000028 to block exploits of this at the network traffic level.
We recommend that all customers operating affected Microsoft Windows systems, investigate the possibility of upgrade to versions of Internet Explorer beyond v6, use of higher security zones, or switch to alternative web browsers while this remains unpatched.
For more information on security issues, see www.network-box.com.
About Network Box:
Network Box Limited (NBL) is an international managed security services company, specialising in unified threat management (UTM). It continuously defends the networks of its customers using PUSH technology to instantaneously update protection, from 12 Security Operations Centres spread around the globe. NBL’s customers in Asia, Australia, North America and Europe include companies such as BMW, Nintendo and Toyota, as well as banks, utilities companies and government organisations.
For more information, see www.network-box.co.uk / www.network-box.com.
Further press information from:
Kate Hartley
Carrot Communications
Tel: +44 (0)771 406 5233
Email: networkbox [at] carrotcomms [dot] co [dot] uk
