The Budd report tonight

On December 12, 2008, in Security, by

The Microsoft Security Response Center (MSRC) : Friday update for Microsoft Security Advisory 961051:
http://blogs.technet.com/msrc/archive/2008/12/12/friday-update-for-microsoft-security-advisory-961051.aspx
Microsoft Security Advisory (961051): Vulnerability in Internet Explorer Could Allow Remote Code Execution:
http://www.microsoft.com/technet/security/advisory/961051.mspx

The Budd report is out tonight with the latest on the zero day IE along with the SWI blog’s workaround:

Security Vulnerability Research & Defense : Clarification on the various workarounds from the recent IE advisory:
http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx

The key element is that you know and make appropriate risk measures accordingly:

1.  Decide that your clients/firm/you are at risk and thus you need to take mitigation steps of either not using IE or adjusting IE to be more restrictive, consider blocking web sites as needed, etc.

2.  Decide that your clients/firm/you are at a moderate risk and thus you will watch the impact over the weekend and take no action at this time.

3.  Decide that you will turn the computer off this weekend and go have fun doing Christmas stuff.  A turned off computer is the most secure kind.

(1)Christopher Budd is the voice of MSRC on the monthly webcasts

 

 

One Response to The Budd report tonight

  1. Dean says:

    I’m having my users use the free Moka Five Fearless Browser to go to any non business realted web sites. That way if they catch anything it will be trapped in the virtual machine.