Unofficial fix for Internet Explorer MSDDS vulnerability
A French "security" company that sells security solutions has released a fully
functional "proof-of-concept" zero-day exploit that attacks an Internet Explorer
ActiveX vulnerability in to the public. Microsoft has not had a chance to
release a patch yet and the next normal update cycle isn't due until three weeks
from now on 9/13/2005. For the time being, Microsoft has issued some
temporary workarounds and one of the better options is to keep the MSDDS
ActiveX control from loading in Internet Explorer in the first place.
According to Microsoft, this particular method has no adverse affects.
Unfortunately, it's a little hard to understand and you also have to read this
document on how to set the
kill-bit for ActiveX controls in Internet Explorer. To make it easier
on you, I'm going to provide the following scripts to help you automate this
simple yet effective lockdown that will protect you from this MSDDS zero-day exploit.
I also provide an script to re-enable MSDDS so that you can undo the kill-bit
Disclaimer: I take no responsibility for any problems you might
have with the following script. If you use it, you take full
responsibility for it.
This script will give you temporary protection against this zero-day exploit.
This script will re-enable MSDDS. It should be safe to do this after
Microsoft releases the official patch.
As always, you should inspect any script before you run it. You can run these
individual PCs or you can deploy them throughout an enterprise with logon
scripts or Active Directory group policies.