Workarounds Available for Zero-Day Vulnerability

News of the vulnerability spread last week when Maurycy Prodeus of iSec Security Research posted information about the vulnerability on the Web. According to Microsoft's advisory, the vulnerability is due to the way VBScript interacts with Windows Help files when using Internet Explorer.

To address the issue, Microsoft made a number of suggestions, including restricting access to the Windows Help system. The company warned however that if the Windows Help System is rendered unavailable, users may not be able to leverage the help function in applications. The company also suggested user change the local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting, and avoid pressing the F1 key if they are prompted to by a Web site.

Microsoft served up a handful of workarounds to plug a security hole caused by an unpatched zero-day on March 1st.

View Article



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Microsoft® Office 365 is a top choice for enterprises that want a cloud-based suite of productivity/ collaboration applications. With Office 365, you get access to Microsoft™ Office solutions practically anytime, anywhere, on virtually any device. It's a great option for current Microsoft users who can now build on their experience with Microsoft™ solutions while enjoying the flexibility of a cloud-based delivery. But even organizations with no previous investment in Microsoft will find that …

  • Live Event Date: July 28, 2016 @ 1:00 p.m. ET / 10:00 a.m. PT Jepsen tests are third-party tests for distributed databases that validate vendors' guarantees about how they perform under various failure scenarios, especially network partitions. These have proven their value as tools in any distributed system tester's arsenal. When the creator of Jepsen, Kyle Kingsbury, started his Jepsen-for-Hire business last fall, VoltDB immediately got in line, and over the past two months, our solution was given the most …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date