Systems running Internet Explorer and Microsoft Windows
Microsoft has released an important security update for Internet Explorer (IE). This update greatly reduces the impact of attacks against several vulnerabilities in IE.
Several vulnerabilities in IE could allow a malicious web site or HTML email message to install software on your computer. This software could be used to steal sensitive financial information or perform other actions. Recent incident activity has been referred to as Download.Ject, JS.Scob.Trojan, Scob, and JS.Toofeer.
Microsoft has released a security update for IE that provides increased protection against this type of attack. Note that this update may not prevent attacks in all cases.
Install Critical Update
Increase IE Security Settings
In addition, US-CERT strongly recommends that users modify IE security settings according to the instructions in the Malicious Web Scripts FAQ.
Further information is available from Microsoft in What You Should Know About Download.Ject.
- US-CERT Technical Alert TA04-184A - <http://www.us-cert.gov/cas/techalerts/TA04-184A.html>
- US-CERT Technical Alert TA04-163A - <http://www.us-cert.gov/cas/techalerts/TA04-163A.html>
- US-CERT Vulnerability Note VU#713878 - <http://www.kb.cert.org/vuls/id/713878>
- Malicious Web Scripts FAQ - <http://www.cert.org/tech_tips/malicious_code_FAQ.html>
- What You Should Know About Download.Ject - <http://www.microsoft.com/security/incident/download_ject.mspx>
- Increase Your Browsing and E-Mail Safety - <http://www.microsoft.com/security/incident/settings.mspx>
- Working with Internet Explorer 6 Security Settings - <http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx>