Internet Explorer “CreateTextRange” Vulnerability
Tuesday March 28, 2006
Last week, a vulnerability in Internet Explorer was discovered that could lead to remote code execution. The specific flaw is discussed in Microsoft Security Advisory (917077). This week, the media and some security vendors are hinting strongly that Microsoft should release an out-of-cycle security patch, prior to the April 11th scheduled release. But with normal, good security practices, the 'CreateTextRange' vulnerability should pose little to no problem for users.
Specifically, disable active scripting in the Internet and Local Intranet Zones. To access the security zones, open Internet Explorer, choose Tools | Internet Options, then click the Security tab. Make sure the icon for the Internet zone is highlighted, then click the "Default Level" button, click Apply, and click OK. Repeat these steps to configure the Local Intranet Zone.
This is good practice for everyday use. Those sites that are known good and which require active scripting can be specifically added to the Trusted Sites Zone. See the article "Securing Internet Explorer" for more best practice tips on configuring the security zones.
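The same setting can be checked and applied from the registry. The script below is an added example, not part of the original post. It assumes the per-user zone keys under HKCU, where zone 1 is Local Intranet, zone 3 is Internet, and action `1400` is Active scripting (0 = enable, 1 = prompt, 3 = disable); none of these paths or values appear on the page.

```powershell
# Added example: audit (and with -Apply, set) the Active scripting action for
# the Internet and Local Intranet zones of the current user.
# Assumptions (not from the post): registry paths below; action 1400 = Active
# scripting; 0 = Enabled, 1 = Prompt, 3 = Disabled; zone 1 = Local Intranet,
# zone 3 = Internet. A value under the Policies key overrides the user setting.
param([switch]$Apply)

$UserRoot   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$PolicyRoot = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones      = @{ 1 = 'Local Intranet'; 3 = 'Internet' }
$Meaning    = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ScriptingAction([string]$Root, [int]$Zone) {
    # Returns the DWORD stored for action 1400, or $null when it is not set.
    $key  = Join-Path $Root "$Zone"
    $prop = Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.'1400'
}

foreach ($zone in ($Zones.Keys | Sort-Object)) {
    $policy = Get-ScriptingAction $PolicyRoot $zone
    $user   = Get-ScriptingAction $UserRoot   $zone

    if ($Apply -and $null -eq $policy -and $user -ne 3) {
        $key = Join-Path $UserRoot "$zone"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name '1400' -Value 3 -Type DWord
        $user = Get-ScriptingAction $UserRoot $zone
    }

    # The policy value wins when present; otherwise the user value applies.
    $effective = if ($null -ne $policy) { $policy } else { $user }
    $state = if ($null -eq $effective) { 'Not set (zone default applies)' }
             elseif ($Meaning.ContainsKey($effective)) { $Meaning[$effective] }
             else { "Unknown value $effective" }
    $source = if ($null -ne $policy) { 'policy' } else { 'user' }

    [pscustomobject]@{
        Zone            = $Zones[$zone]
        ActiveScripting = $state
        Source          = $source
        Compliant       = ($effective -eq 3)
    }
}
```

Run without arguments to report the current state; `-Apply` writes the Disabled value only where no policy value is already in force.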

