NEWS FROM THE LAB - Wednesday, January 12, 2011

Update: IE vulnerability (Security Advisory 2488013) Posted by Sarah @ 03:38 GMT

The vulnerability in Internet Explorer that was first reported on December 23rd, 2010 has yet to be patched but Microsoft has updated its advisory which contains workarounds and mitigations for the issue.

For those who don't use IE, it'd be wise to turn off the IE option until a permanent fix is released. Those who need to use IE are advised to implement the workarounds that involve:

  •  preventing the recursive loading of CSS style sheets in IE,
  •  deploying the Enhanced Mitigation Experience Toolkit (EMET), and
  •  setting Internet and local Internet security zone settings to "High".

Detailed instructions for implementing the workarounds can be found at the updated Security Advisory 2488013. Please take note that for these workarounds to be effective, the latest security update (MS10-090) must be installed first.

Keep posted for the latest news.