Systems running Internet Explorer and Microsoft Windows
Microsoft has released an important security update for Internet Explorer (IE). This update greatly reduces the impact of attacks against several vulnerabilities in IE.
Several vulnerabilities in IE could allow a malicious web site or HTML email message to install software on your computer. This software could be used to steal sensitive financial information or perform other actions. Recent incident activity has been referred to as Download.Ject, JS.Scob.Trojan, Scob, and JS.Toofeer.
Microsoft has released a security update for IE that provides increased protection against this type of attack. Note that this update may not prevent attacks in all cases.
Install Critical Update
US-CERT recommends that users install the update from the Microsoft Download Center (KB870669) or the Windows Update web site.
Increase IE Security Settings
In addition, US-CERT strongly recommends that users modify IE security settings according to the instructions in the Malicious Web Scripts FAQ.
Further information is available from Microsoft in What You Should Know About Download.Ject.
- US-CERT Technical Alert TA04-184A – <http://www.us-cert.gov/cas/techalerts/TA04-184A.html>
- US-CERT Technical Alert TA04-163A – <http://www.us-cert.gov/cas/techalerts/TA04-163A.html>
- US-CERT Vulnerability Note VU#713878 – <http://www.kb.cert.org/vuls/id/713878>
- Malicious Web Scripts FAQ – <http://www.cert.org/tech_tips/malicious_code_FAQ.html>
- What You Should Know About Download.Ject – <http://www.microsoft.com/security/incident/download_ject.mspx>
- Increase Your Browsing and E-Mail Safety – <http://www.microsoft.com/security/incident/settings.mspx>
- Working with Internet Explorer 6 Security Settings – <http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx>
Author: Art Manion
Copyright 2004 Carnegie Mellon University. Terms of use
Last updated
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-41940 WebPros…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-1708 ConnectWise ScreenConnect Path…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
This website uses cookies.