It won't take more than a few minutes to close a security hole in Internet Explorer that allowed attacks against Google. We show you how.
Microsoft has confirmed that an IE vulnerability was at fault for the Google attacks.
The security advisory notes that IE 5.01 running on Windows 2000 was not vulnerable to the attack, but that IE6, IE7 and IE8 on Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2 are all at risk.
As of yet, you can't completely close the security hole.
However, there are ways to limit your exposure, notably using Protected Mode in IE on Windows Vista and Windows 7, and enabling Data Execution Protection (DEP).
Changing your IE security zone to 'High' will help as well.
Protected Mode in IE 7 on Windows Vista and later significantly reduces the ability of an attacker to impact data on a user's machine.
Customers should also enable Data Execution Prevention (DEP) which helps mitigate online attacks. DEP is enabled by default in IE 8 but must be manually enabled in prior versions.
Customers can also set internet and local intranet security zone settings to 'High' to prompt before running ActiveX Controls and Active Scripting in these zones or configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the internet and local intranet security zone.
Unfortunately, though, he doesn't detail how to do that. However, it's all relatively straightforward to do. Here's how.
Turning on Protected Mode
Turning on Protected Mode in IE 7 and IE 8 is exceedingly simple. Select Tools, then Internet Options, and click the Security Tab.
Then check the box next to Enable Protected Mode, as you can see in the screenshot above. You'll have to restart IE for it to take effect.
NEXT PAGE: Changing your security zone
- We show you how to close the hole in Microsoft's web browser
- Changing your security zone