Archive for April, 2014

April 28, 2014

Critical zero-day vulnerability in Internet Explorer exposes Windows XP to risks (Re-post from TWCN Tech News)

Microsoft said that a critical zero-day vulnerability has been found in Internet Explorer, affecting every version from IE6 to IE11, that cyber-criminals can exploit using drive-by attacks.

Drive-by download attacks occur when vulnerable computers get infected just by visiting a website. It’s accepted that drive-by download attacks continue to be many attackers’ favourite type of attack. This is because the attack can be easily launched by injecting malicious code into legitimate websites. Once injected, the malicious code may exploit vulnerabilities in operating systems, web browsers and web browser plugins such as Java, Adobe Reader and Adobe Flash. The initial code that gets downloaded is usually small. But once it lands on your computer, it will contact another computer and pull the rest of the malicious code to your system.

Microsoft is expected to release a patch for this vulnerability very soon, but it will be available only for supported operating systems. It will not be available for Windows XP, as this operating system is no longer supported. This will leave Windows XP users exposed to risks.

Workarounds

Apart from following other steps to secure their Windows XP, users may do the following to mitigate this issue, till a patch to fix it is released:
1. Disable the Flash plug-in within IE
2. Do not click on any doubtful links and immediately close IE if they find something suspicious
3. Use Microsoft’s anti-exploit tool – Enhanced Mitigation Experience Toolkit
4. Unregister the vgx.dll file. Go here to read how to unregister dll files in Windows.
5. Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting
6. Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
7. Consider using an alternative browser on your Windows XP.
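
As an added example (not part of the original article and not Microsoft's own script), the following PowerShell audits workarounds 4 to 6 on a machine and applies them only when run with `-Apply`. It assumes per-user zone settings under HKCU with no Group Policy override, vgx.dll in its default 32-bit location, and PowerShell 2.0 or later, which on Windows XP is a separate install; the script and its parameter name are illustrative.

```powershell
# Added example: audit (and optionally apply) workarounds 4-6 from the list above.
# Assumptions: per-user zone settings under HKCU, no Group Policy override,
# vgx.dll in its default location. Unregistering needs an administrator account.
param([switch]$Apply)

$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
# URL action IDs: 1400 = Active Scripting, 1200 = run ActiveX controls and plug-ins
$actions  = @{ '1400' = 'Active Scripting'; '1200' = 'ActiveX controls' }
$states   = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ZoneAction($zone, $action) {
    # Returns the DWORD for this zone/action, or $null when the value is absent.
    $item = Get-ItemProperty -Path "$zonesKey\$zone" -Name $action -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$action
}

foreach ($zone in $zones.Keys) {
    foreach ($action in $actions.Keys) {
        $value = Get-ZoneAction $zone $action
        $state = if ($null -eq $value) { 'Not set (zone default applies)' }
                 elseif ($states.ContainsKey($value)) { $states[$value] }
                 else { "Other ($value)" }
        Write-Output ("{0,-15} {1,-18} {2}" -f $zones[$zone], $actions[$action], $state)
        # Workarounds 5 and 6: anything other than Prompt or Disabled is exposed.
        if ($Apply -and ($value -ne 1) -and ($value -ne 3)) {
            Set-ItemProperty -Path "$zonesKey\$zone" -Name $action -Value 3 -Type DWord
            Write-Output '  -> set to Disabled'
        }
    }
}

# Workaround 4: regsvr32 /u removes the COM registration of vgx.dll; /s is silent.
$vgx = Join-Path $env:CommonProgramFiles 'Microsoft Shared\VGX\vgx.dll'
if (Test-Path $vgx) {
    Write-Output "vgx.dll present at $vgx"
    if ($Apply) {
        $p = Start-Process regsvr32.exe -ArgumentList '/u', '/s', "`"$vgx`"" -Wait -PassThru
        Write-Output "  -> regsvr32 /u exit code $($p.ExitCode)"
    }
} else {
    Write-Output 'vgx.dll not found at the default path'
}
```

Run it without arguments first to see the current state; after a patch is installed, vgx.dll can be registered again by running regsvr32 on the same path without `/u`.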