[-IE-] US authorities issue a statement on the IE vulnerability

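Original poster: rottenrotter (trash)   2014-04-29 07:48:09
The computer emergency readiness team under the US Department of
Homeland Security has officially issued a press release confirming
that the Microsoft IE vulnerability is already being exploited and
that IE 6 through 11 are all at risk. It recommends that users apply
the workarounds Microsoft provides or use another browser.
Original URL

(I can't read English, so please forgive me for not translating it.)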
Microsoft Internet Explorer Use-After-Free Vulnerability Guidance
Original release date: April 28, 2014
US-CERT is aware of active exploitation of a use-after-free
vulnerability in Microsoft Internet Explorer. This vulnerability
affects IE versions 6 through 11 and could allow unauthorized
remote code execution.
US-CERT recommends that users and administrators review Microsoft
Security Advisory 2963983(
) for mitigation
actions and workarounds. Those who cannot follow Microsoft's
recommendations, such as Windows XP users, may consider employing
an alternate browser.
For more details, please see VU#222929
(http://www.kb.cert.org/vuls/id/222929).
P.S. Microsoft's recommended workarounds (excerpted from
)
1. Deploy the Enhanced Mitigation Experience Toolkit 4.1
2. Set Internet and Local intranet security zone settings to "High"
   to block ActiveX Controls and Active Scripting in these zones.
3. Configure Internet Explorer to prompt before running Active Scripting
   or to disable Active Scripting in the Internet and Local intranet
   security zone
4. Modify the Access Control List on VGX.DLL to be more restrictive
5. Enable Enhanced Protected Mode For Internet Explorer 11 and Enable
   64-bit Processes for Enhanced Protected Mode
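
Added example, not part of the original post or of Microsoft's advisory: a read-only PowerShell audit of workarounds 2 to 4 above for the current user. The per-user zone registry location, the zone numbers (1 = Local intranet, 3 = Internet), URL action 1400 for Active Scripting, the 0x12000 "High" level and the default VGX.DLL path are assumptions about standard Windows/IE layout and do not come from the post; EMET and Enhanced Protected Mode are not checked.

```powershell
# Added example: read-only audit of workarounds 2-4 for the current user.
# Assumed (not from the post): standard per-user IE zone registry layout,
# URL action 1400 = Active Scripting, and the default VGX.DLL location.
$zoneRoot  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneNames = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$scripting = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$highLevel = 0x12000   # zone template "High"

$zoneReport = foreach ($id in 1, 3) {
    $key    = Get-ItemProperty -Path "$zoneRoot\$id" -ErrorAction SilentlyContinue
    $level  = if ($key) { $key.CurrentLevel } else { $null }
    $action = if ($key) { $key.'1400' } else { $null }
    $state  = if ($null -ne $action -and $scripting.ContainsKey([int]$action)) {
                  $scripting[[int]$action]
              } else { 'Unknown' }
    [pscustomobject]@{
        Zone            = $zoneNames[$id]
        LevelIsHigh     = ($level -eq $highLevel)               # workaround 2
        ActiveScripting = $state                                # workaround 3
        Mitigated       = ($level -eq $highLevel) -or (@(1, 3) -contains $action)
    }
}
$zoneReport | Format-Table -AutoSize

# Workaround 4: list broad Allow entries still present on VGX.DLL.
# Group names are the English defaults; localized systems use other names.
$vgx = Join-Path $env:CommonProgramFiles 'Microsoft Shared\VGX\vgx.dll'
if (Test-Path $vgx) {
    $broad = (Get-Acl -Path $vgx).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match '^(Everyone|BUILTIN\\Users)$'
    }
    if ($broad) {
        Write-Output "VGX.DLL ACL still allows broad access:"
        $broad | Select-Object IdentityReference, FileSystemRights | Format-Table -AutoSize
    } else {
        Write-Output "VGX.DLL: no Allow entries for Everyone or BUILTIN\Users."
    }
} else {
    Write-Output "VGX.DLL not found at $vgx"
}
```

Settings enforced through Group Policy are stored under separate policy keys and override the per-user values read here, so a "not mitigated" result on a managed machine should be confirmed against policy.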
