[-IE-] US government issues statement on IE vulnerability

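Author: rottenrotter (trash)   2014-04-29 07:48:09
The computer emergency readiness team under the US Department of Homeland
Security has officially issued a press release confirming that the Microsoft
IE vulnerability is already being exploited and that IE 6-11 are all at risk.
It recommends that users adopt the workarounds provided by Microsoft or use
another browser.
Original URL: http://ppt.cc/OcgV
(I can't read English and am unable to translate it, sorry)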
Microsoft Internet Explorer Use-After-Free Vulnerability Guidance
Original release date: April 28, 2014
US-CERT is aware of active exploitation of a use-after-free
vulnerability in Microsoft Internet Explorer. This vulnerability
affects IE versions 6 through 11 and could allow unauthorized
remote code execution.
US-CERT recommends that users and administrators review Microsoft
Security Advisory 2963983 (http://ppt.cc/cI~7) for mitigation
actions and workarounds. Those who cannot follow Microsoft's
recommendations, such as Windows XP users, may consider employing
an alternate browser.
For more details, please see VU#222929
(http://www.kb.cert.org/vuls/id/222929).
P.S. Microsoft's suggested workarounds (excerpted from http://ppt.cc/cI~7)
1. Deploy the Enhanced Mitigation Experience Toolkit 4.1
2. Set Internet and Local intranet security zone settings to "High"
   to block ActiveX Controls and Active Scripting in these zones.
3. Configure Internet Explorer to prompt before running Active Scripting
   or to disable Active Scripting in the Internet and Local intranet
   security zone
4. Modify the Access Control List on VGX.DLL to be more restrictive
5. Enable Enhanced Protected Mode For Internet Explorer 11 and Enable
   64-bit Processes for Enhanced Protected Mode
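
An added example, not part of the original post or of Microsoft's advisory: a PowerShell audit that reports whether workaround 3 (Active Scripting set to prompt or disabled in the Internet and Local intranet zones) is in effect for the current user. It assumes the standard IE zone registry layout (zone 1 = Local intranet, zone 3 = Internet, URL action 1400 = Active Scripting) and a simplified lookup order of machine policy, user policy, then user preference; the function name is hypothetical.

```powershell
# Added example: read-only audit of the Active Scripting setting (URL action 1400).
# Assumption: the first registry location that defines the value is the effective one.
$ZoneNames = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$States    = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$Roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ActiveScriptingSetting {
    param([Parameter(Mandatory)][int]$Zone)

    foreach ($root in $Roots) {
        $key  = Join-Path $root "$Zone"
        $item = Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = [int]$item.'1400'
            $state = $States[$value]
            if (-not $state) { $state = "Unknown ($value)" }
            return [pscustomobject]@{
                Zone      = $ZoneNames[$Zone]
                Source    = $key
                State     = $state
                # The workaround is met only by Prompt (1) or Disabled (3).
                Mitigated = ($value -eq 1 -or $value -eq 3)
            }
        }
    }
    # No location defines the value: report it rather than guess the default.
    [pscustomobject]@{
        Zone      = $ZoneNames[$Zone]
        Source    = '(not set)'
        State     = 'Not configured'
        Mitigated = $false
    }
}

# Check both zones named in the workaround and list any that are not mitigated.
$report = foreach ($z in 1, 3) { Get-ActiveScriptingSetting -Zone $z }
$report | Format-Table -AutoSize
$report | Where-Object { -not $_.Mitigated } |
    ForEach-Object { Write-Warning "Active Scripting is not restricted in zone: $($_.Zone)" }
```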
