Last Updated: 2006-08-22 23:35:49 UTC
by Johannes Ullrich (Version: 1)
At this point, we recommend:
- Keep MS06-042 applied if you can. It fixes more bugs than it creates.
- If you are having problems with internal web sites that can no longer be used: Restrict MSIE to be used internally only.
- Use Firefox/Opera or other browsers for now.
- "SandboxIE" can be used to protect your system from damage caused via MSIE.
- If you establish a "No MSIE" policy, you can use the snort rule below to detect accidental policy violations.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS \Links:
(content: "|0D 0A|User-Agent\: Mozilla/4.0 (compatible\; MSIE 6.0";)
http://isc.sans.org/diary.php?storyid=1611 (updated patch matrix)
http://research.eeye.com/html/alerts/AL20060822.html (EEye Alert regarding the code execution)
http://blogs.technet.com/msrc/archive/2006/08/16/447023.aspx (MSRC blog article regarding MS06-042 issue, dated Aug. 16th).
http://blogs.technet.com/msrc/archive/2006/08/22/448689.aspx (latest MSRC blog)