IE 0-Day Information Update (Advisory 961051)

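Hello everyone, I'm Richard Chen.

Microsoft has updated its information on the IE 0-day.
Affected products include IE 5.01 through IE8 Beta2 installed on supported operating systems from XPSP2 through Windows 2008.

The nine different workarounds currently known are: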
- Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
- Disable XML Island functionality
- Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL
- Disable Row Position functionality of OLEDB32.dll
- Unregister OLEDB32.DLL
- Use ACL to disable OLEDB32.DLL
- Enable DEP for Internet Explorer 7 on Windows Vista and on Windows Server 2008
- Disable Data Binding support in Internet Explorer 8 Beta 2

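For the technical details, please refer to Advisory 961051.
In particular, note that you can refer to the following article to determine which workaround suits your environment.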
Clarification on the various workarounds from the recent IE advisory

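In addition to closely monitoring the situation on the Internet, Microsoft is also actively developing and testing the relevant security patch to protect all users.
For other information about the IE 0-Day, you can refer to the following links: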

- Microsoft Security Advisory 961051 (English)
- Microsoft Security Advisory 961051 (Chinese)
- Microsoft Security Response Center (MSRC) Blog
- Microsoft Malware Protection Center (MMPC) Blog
- Security Vulnerability Research & Defense Blog

Richard Chen
Greater China Software Security Program Manager