Microsoft recently posted an advisory on a newly discovered zero-day flaw in Internet Explorer 6 and 7. It would appear that the workarounds are to use IE8, enable ‘Protected Mode’ in IE7 on Vista, ensure Data Execution Prevention (DEP) is enabled for Internet Explorer, or disable all Active Scripting and ActiveX controls.
At this time Microsoft says that no exploit has been found in the wild, and it has not determined whether the fix will be part of a Patch Tuesday roll-up or released out of cycle.
This might seem like a good week to be a Chrome, Firefox or Safari user, yet they have all had major vulnerabilities patched in recent weeks as well. We need to be consistently vigilant in defending the most exposed software on our computers: the browser.
The safest thing you can do online is to reduce your attack surface. What I mean by that is to run a bare minimum set of applications with a minimum set of plugins or extensions. Keeping your applications patched is a daunting task; your only hope is to minimise your exposure and patch as quickly as you can when fixes are made available by vendors.
It may be necessary or desirable to have multiple browsers, or to choose a browser based upon how large a target it is. The important point here is that you should control, and be aware of, which applications are deployed in your network, and have a strategy to deploy patches.
Managing what applications you allow and having a plan to keep them up to date is the most important step you can take to secure your desktops against the Web threat. You have multiple chances to block the malware before it attacks your system and you should use as many levels of defence as you are able.
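As an added example (not part of the original post or of Microsoft's advisory), the following Python script triages a desktop inventory against the workarounds listed above, so that hosts still running IE 6 or 7 with no workaround in place are the first in line for action. The CSV columns, host names and the rule that any single workaround counts as mitigated are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Constructed sample inventory (not real hosts); the column names are assumptions.
SAMPLE_INVENTORY = """host,os,ie_version,protected_mode,dep_enabled,scripting_disabled
ws-001,Windows XP,6.0.2900,no,no,no
ws-002,Windows Vista,7.0.6001,yes,no,no
ws-003,Windows XP,7.0.5730,yes,no,no
ws-004,Windows XP,7.0.5730,no,yes,no
ws-005,Windows Vista,8.0.6001,no,no,no
ws-006,Windows XP,6.0.2900,no,no,yes
ws-007,Windows XP,,no,no,no
"""


def _yes(value):
    """Interpret common truthy spellings found in inventory exports."""
    return value.strip().lower() in ("yes", "true", "1")


def assess(row):
    """Return (status, reason) for one inventory row."""
    try:
        major = int(row["ie_version"].split(".")[0])
    except ValueError:
        # Missing data is reported separately rather than assumed safe.
        return ("unknown", "IE version missing or unparseable")
    if major not in (6, 7):
        return ("out_of_scope", "IE %d is not covered by this advisory" % major)
    # Protected Mode only counts as a workaround for IE7 on Vista.
    if major == 7 and "vista" in row["os"].lower() and _yes(row["protected_mode"]):
        return ("mitigated", "Protected Mode on IE7/Vista")
    if _yes(row["dep_enabled"]):
        return ("mitigated", "DEP enabled for Internet Explorer")
    if _yes(row["scripting_disabled"]):
        return ("mitigated", "Active Scripting and ActiveX disabled")
    return ("exposed", "IE %d with no workaround applied" % major)


def triage(csv_text):
    """Map each host in the CSV inventory to its (status, reason)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: assess(row) for row in reader}


if __name__ == "__main__":
    order = {"exposed": 0, "unknown": 1, "mitigated": 2, "out_of_scope": 3}
    results = triage(SAMPLE_INVENTORY)
    for host in sorted(results, key=lambda h: (order[results[h][0]], h)):
        print("%-8s %-13s %s" % ((host,) + results[host]))
```

Note that ws-003 is reported as exposed even though its Protected Mode column says yes, because that workaround only applies to IE7 on Vista.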