New IE7 security exploit in the wild




Kevin R. Smith

News yesterday from our friends at and WebSense, who bring the latest news on an IE7 Zero Day security exploit.

Looks like some folks have already taken advantage of a Taiwanese search engine "," which has apparently had at least several hundred pages infected, and are trying to use that site to download a file called ieupdate.exe.

For those of you who think you're not affected because you only surf "trusted" sites, think again:
"This issue could impact you even if you avoid surfing questionable sites. Over the past few months, we've seen a surge in SQL injection attacks which enable miscreants to inject content onto trusted sites (we even blogged about the technique a few months ago). This class of attack, along with other more classical forms of website intrusion mean that even trusted sites can end up serving malicious content causing you to get infected."

Concerned readers should have a look at the official Microsoft Malware Protection Centre report for details as well as recent Clarifications on the workarounds from Microsoft on the IE advisory.

The Options for minimizing risk offered by recommends several things that are a good idea generally but especially so right now:
  • TURN UAC BACK ON (Available in Vista)
  • Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones (Tools >> Internet Options >> Security)
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone (Tools >> Internet Options >> Security)
  • Enable Data Execution Prevention for Internet Explorer 7 (Tools >> Internet Options >> Advanced >> then turn on "Enable memory protection to help mitigate online attacks").
  • Use ACL to Disable OLEDB32.DLL.
  • Unregister OLEDB32.DLL (Technet security bulletin has details).
  • Disable Data Binding support in Internet Explorer 8.
Their post goes on to say:

"You can also try blacklisting the bad domains (details here and here) but to be honest, using blacklist protection is like playing an unwinnable game of whack-a-mole. Do what you can to mitigate risk by adjusting your browser settings, and for heaven's sake turn UAC back on!!"

Thanks to MSMVPs for putting together this excellent list of recommendations.
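To check where a machine stands on the UAC and security zone items in the list above, the following read-only PowerShell audit can be run. It is an added example, not part of the original post or the MSMVPs list, and it assumes the standard Windows registry locations for UAC (EnableLUA) and for the IE URL actions 1200 (ActiveX) and 1400 (Active Scripting) in zones 1 (Local intranet) and 3 (Internet).

```powershell
# Read-only audit; it changes nothing. Registry paths and action numbers are the
# standard Windows ones (an assumption of this example, not taken from the post).
$zoneNames   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actionNames = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$stateNames  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Policy hives override the per-user preference, so they are checked first.
$roots      = 'HKLM:\SOFTWARE\Policies', 'HKCU:\Software\Policies', 'HKCU:\Software'
$zoneSubKey = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns nothing (null) when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-ZoneAction([int]$Zone, [string]$Action) {
    foreach ($root in $roots) {
        $value = Get-RegValue "$root\$zoneSubKey\$Zone" $Action
        if ($null -ne $value) { return [int]$value }
    }
}

$report = @()

# UAC is on when EnableLUA is 1.
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
$report += [pscustomobject]@{ Check = 'UAC (EnableLUA)'; State = "$lua"; Pass = ($lua -eq 1) }

foreach ($zone in 1, 3) {
    foreach ($action in '1200', '1400') {
        $value = Get-ZoneAction $zone $action
        $state = if ($null -eq $value) { 'not set' }
                 elseif ($stateNames.ContainsKey($value)) { $stateNames[$value] }
                 else { '0x{0:X}' -f $value }
        $report += [pscustomobject]@{
            Check = "$($zoneNames[$zone]): $($actionNames[$action])"
            State = $state
            # Pass when the action prompts or is disabled, as the list recommends.
            Pass  = ($value -eq 1 -or $value -eq 3)
        }
    }
}

$report | Format-Table -AutoSize
```

A "not set" row means no explicit value was found in the hives checked, so the zone's template default applies and should be confirmed in Tools >> Internet Options >> Security.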

