Microsoft confirmed this week that both Internet Explorer 6 and Internet Explorer 7 are affected by a flaw that could lead to remote code execution attacks.

Unfortunately there are already attacks in the wild taking advantage of this flaw.

How can you protect yourself?

Microsoft details a number of workarounds for the issue including:

  • Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
  • Enable DEP for Internet Explorer 6 Service Pack 2 or Internet Explorer 7

But those are temporary “patches” on the flaw and not meant to be long term solutions. So if you require the use of Internet Explorer in your office, your best bet is to upgrade to Internet Explorer 8 which is not vulnerable to the same attacks.

OR

Drop IE altogether and switch to Mozilla Firefox for your day to day browsing needs.

In the mean time, Microsoft is investigating the issue and may opt to release a patch in a future Windows Update.

If you’re not sure which is the best solution for your small business, give us a call to discuss your options.

Users of Windows 7, Windows Server 2008 R2, Internet Explorer 8 and Internet Explorer 5.01 are not affected.

For more information: Microsoft Security Advisory (981374)