All - I've just got this message from my First Alert system (its real, no hoax, check the web) - thought I'd pass it on in case anyone needs it.
Kevin
===
"Recently, a zero-day exploit has been released that affects Microsoft’s Internet Explorer web browser. A zero-day exploit is one that takes advantage of security vulnerabilities before the software vendor or public knows the issue exists. In this case the exploit attacks flaws within all versions of Microsoft’s Internet Explorer web browser and could be used to take total control of the vulnerable system. As of today, Microsoft has not released a system patch to correct these vulnerabilities.
Within the last week, attackers on the public Internet have started taking advantage of these flaws. The MaximumASP security team has been monitoring Internet traffic to ensure no infected systems exist on our internal network, but we need your help to ensure all systems on the MaximumASP network remain safe and secure.
The exploit in question relies on the victim surfing to an infected website with a vulnerable browser. The easiest way to avoid being compromised by this particular vulnerability is to use an alternate to the Internet Explorer browser until Microsoft releases a patch to correct this issue. The MaximumASP Security team recommends using Firefox version 3 with the noscript module installed. The noscript module stops all javascript or other browser side executables from running on your system unless you explicitly whitelist a website. We recommend you install an alternate browser on any system that you use to surf the public Internet. This includes desktops, laptops, servers, home systems and work systems. As always, remember to follow Security Best Practices. You should NOT be using your production servers to surf the public Internet.
If you have any type of SQL injection issues with your code be on the lookout for attackers to inject malicious javascript or IFRAME links to vulnerable executables. This attack is very wide spread and moving through the Internet very quickly. If you use an alternate browser like Firefox you will not become a victim to this latest attack.
Links to Firefox and the Noscript module:
Firefox:
http://www.mozilla.com/en-US/firefox/
Noscript:
http://noscript.net/
Links to further information on this attack:
http://isc.sans.org/
http://www.shadowserver.org/wiki/
If you have any questions or concerns please feel free to call customer support or start a new ticket.
Thanks,
MaximumASP Security Team"
Kevin
===
"Recently, a zero-day exploit has been released that affects Microsoft’s Internet Explorer web browser. A zero-day exploit is one that takes advantage of security vulnerabilities before the software vendor or public knows the issue exists. In this case the exploit attacks flaws within all versions of Microsoft’s Internet Explorer web browser and could be used to take total control of the vulnerable system. As of today, Microsoft has not released a system patch to correct these vulnerabilities.
Within the last week, attackers on the public Internet have started taking advantage of these flaws. The MaximumASP security team has been monitoring Internet traffic to ensure no infected systems exist on our internal network, but we need your help to ensure all systems on the MaximumASP network remain safe and secure.
The exploit in question relies on the victim surfing to an infected website with a vulnerable browser. The easiest way to avoid being compromised by this particular vulnerability is to use an alternate to the Internet Explorer browser until Microsoft releases a patch to correct this issue. The MaximumASP Security team recommends using Firefox version 3 with the noscript module installed. The noscript module stops all javascript or other browser side executables from running on your system unless you explicitly whitelist a website. We recommend you install an alternate browser on any system that you use to surf the public Internet. This includes desktops, laptops, servers, home systems and work systems. As always, remember to follow Security Best Practices. You should NOT be using your production servers to surf the public Internet.
If you have any type of SQL injection issues with your code be on the lookout for attackers to inject malicious javascript or IFRAME links to vulnerable executables. This attack is very wide spread and moving through the Internet very quickly. If you use an alternate browser like Firefox you will not become a victim to this latest attack.
Links to Firefox and the Noscript module:
Firefox:
http://www.mozilla.com/en-US/firefox/
Noscript:
http://noscript.net/
Links to further information on this attack:
http://isc.sans.org/
http://www.shadowserver.org/wiki/
If you have any questions or concerns please feel free to call customer support or start a new ticket.
Thanks,
MaximumASP Security Team"
Comment