Important Internet Explorer Update Available

Systems Affected

Systems running Internet Explorer and Microsoft Windows

Overview

Microsoft has released an important security update for Internet Explorer (IE). This update greatly reduces the impact of attacks against several vulnerabilities in IE.

Description

Several vulnerabilities in IE could allow a malicious web site or HTML email message to install software on your computer. This software could be used to steal sensitive financial information or perform other actions. Recent incident activity has been referred to as Download.Ject, JS.Scob.Trojan, Scob, and JS.Toofeer.

Microsoft has released a security update for IE that provides increased protection against this type of attack. Note that this update may not prevent attacks in all cases.

Resolution

Install Critical Update

US-CERT recommends that users install the update from the Microsoft Download Center (KB870669) or the Windows Update web site.

Increase IE Security Settings

In addition, US-CERT strongly recommends that users modify IE security settings according to the instructions in the Malicious Web Scripts FAQ.

Further information is available from Microsoft in What You Should Know About Download.Ject.

References

US-CERT Technical Alert TA04-184A – <http://www.us-cert.gov/cas/techalerts/TA04-184A.html>

US-CERT Technical Alert TA04-163A – <http://www.us-cert.gov/cas/techalerts/TA04-163A.html>

US-CERT Vulnerability Note VU#713878 – <http://www.kb.cert.org/vuls/id/713878>

Malicious Web Scripts FAQ – <http://www.cert.org/tech_tips/malicious_code_FAQ.html>

What You Should Know About Download.Ject – <http://www.microsoft.com/security/incident/download_ject.mspx>

Increase Your Browsing and E-Mail Safety – <http://www.microsoft.com/security/incident/settings.mspx>

Working with Internet Explorer 6 Security Settings – <http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx>

Author: Art Manion