Microsoft IE Default Install (SANS)

2003-03-29T00:00:00
ID OSVDB:3107
Type osvdb
Reporter OSVDB
Modified 2003-03-29T00:00:00

Description

Vulnerability Description

Microsoft Internet Explorer (MSIE) is the default web browser installed on Microsoft Windows platforms. MSIE has a long history of critical security vulnerabilities that make even the most casual web browsing a high-risk activity for everyone, including home users. Malicious web pages can be built to exploit these vulnerabilities and pose a significant threat. The results of browsing such pages include information theft, credential theft, execution of arbitrary commands and code, overwriting files and worse.

Solution Description

The most important action one can take to maintain Internet Explorer security is to stay current with patches. Microsoft frequently releases "IE Cumulative Patches" that address dozens of vulnerabilities. These must be applied as soon as they are available.

Users may also change their browser configuration settings to disable ActiveX scripting, set various options to "prompt" for permission before performing actions, and disable unsigned or untrusted content.

It is also recommended that users run the free Microsoft Baseline Security Analyzer (MBSA) tool to help test system integrity. Due to various IE bugs and methods for subverting web browsing, it is further recommended that users run a tool such as Ad-Aware or Spybot to ensure that no malicious content has been snuck onto the system.

References:

Vendor Specific Solution URL: http://www.microsoft.com/technet/security/tools/mbsaqa.asp
Keyword: SANS Top 20 2003 Windows Issue #04
Keyword: SANS Top 20 2002 Windows Issue #08
Generic Informational URL: http://www.sans.org/top20/#w4
Generic Informational URL: http://www.safer-networking.org/
Generic Informational URL: http://www.microsoft.com/windows/ie/default.asp
Generic Informational URL: http://www.lavasoftusa.com/software/adaware/
Generic Informational URL: http://www.sans.org/top20/oct02.php#W8
Generic Exploit URL: http://browsercheck.qualys.com/