Microsoft Security Advisories
28/12/05 - Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
There is an unpatched vulnerability in the Microsoft Graphics Rendering engine which is allowing attackers to take control of users system. There are a number of exploits which are currently using the vulnerability to install viruses and spyware on to users systems. If you are managing you own system then please read the Microsoft security bulletin and implement the work around that they suggest.
22/11/05 - Microsoft Security Advisory (911302)
Vulnerability in the way Internet Explorer Handles onLoad Events Could Allow Remote Code Execution
There is an unpatched vulnerability in Internet Explorer at the moment which could allow an attacker to gain the same rights as the local user when browsing web sites with IE. As proof of concept code has been publicly released Central IT support will be implementing the following workarounds on Centrally Managed Desktop & Laptop systems.
Disable Active Scripting in the Internet and Local intranet security zones
This may stop a number of web sites from working. If you find that a web site stops working as expected then add the web site address to the IE Trusted Zone.
This is accomplished by the following procedure.
- In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
- In the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.
- If you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.
- In the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.
- Repeat these steps for each site that you want to add to the zone.
- Click OK two times to accept the changes and return to Internet Explorer.
If you can't get the web site to display after you have added it to the Trusted Zone then please email email@example.com
If you manage your own system then please read the following Microsoft Security Advisory and implement the recommended work arounds until a patch is released.