Important Internet Explorer Update Available

Systems running Internet Explorer and Microsoft Windows

Microsoft has released an important security update for Internet
Explorer (IE). This update greatly reduces the impact of attacks
against several vulnerabilities in IE.

Several vulnerabilities in IE could allow a malicious web site or HTML
email message to install software on your computer. This software
could be used to steal sensitive financial information or perform
other actions. Recent incident activity has been referred to
as Download.Ject, JS.Scob.Trojan, Scob, and JS.Toofeer.

Microsoft has released a security update for IE that provides
increased protection against this type of attack. Note that this
update may not prevent attacks in all cases.

Resolution

Install Critical Update

US-CERT recommends that users install the update from the
Microsoft Download Center (KB870669) or the Windows Update web site.

Increase IE Security Settings

In addition, US-CERT strongly recommends that users modify IE security settings according to the instructions in the Malicious Web Scripts FAQ.

Further information is available from Microsoft in What
You Should Know About Download.Ject.

References

• US-CERT Technical Alert TA04-184A - <http://www.us-cert.gov/cas/techalerts/TA04-184A.html>
• US-CERT Technical Alert TA04-163A - <http://www.us-cert.gov/cas/techalerts/TA04-163A.html>
• US-CERT Vulnerability Note VU#713878 - <http://www.kb.cert.org/vuls/id/713878>
• Malicious Web Scripts FAQ - <http://www.cert.org/tech_tips/malicious_code_FAQ.html>
• What You Should Know About Download.Ject - <http://www.microsoft.com/security/incident/download_ject.mspx>
• Increase Your Browsing and E-Mail Safety - <http://www.microsoft.com/security/incident/settings.mspx>
• Working with Internet Explorer 6 Security Settings - <http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx>

Author: Art Manion

Copyright 2004 Carnegie Mellon University.
Terms of use

Revision History

• July 2, 2004: Initial release
  

Last updated