Share via

IE 0-Day 相关信息更新 (Advisory 961051)

大家好,我是 Richard Chen.

微软已经更新关于 IE 0-day 的相关信息。
受影响的产品包含安装在受支援的操作系统 XPSP2 ~ Windows 2008 上面的 IE 5.01 ~ IE8 Beta2。

Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
Disable XML Island functionality
Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL 
Disable Row Position functionality of OLEDB32.dll
Unregister OLEDB32.DLL
Use ACL to disable OLEDB32.DLL
Enable DEP for Internet Explorer 7 on Windows Vista and on Windows Server 2008
Disable Data Binding support in Internet Explorer 8 Beta 2

相关技术细节请参考 Advisory 961051.
Clarification on the various workarounds from the recent IE advisory

关于 IE 0-Day 其他信息您可以参考以下链节:

- Microsoft Security Advisory 961051 (English)
- Microsoft Security Advisory 961051 (Chinese)
- Microsoft Security Response Center (MSRC) Blog
- Microsoft Malware Protection Center (MMPC) Blog
- Security Vulnerability Research & Defense Blog

Richard Chen