microsoft.com/technet/security/advisory/) give detailed workaround
steps to protect against vulnerabilities before the security update is available. Both are
available as RSS feeds and are low-noise sources of up-to-date, relevant security guidance
and intelligence.
Run Internet-Facing Applications with Reduced Privileges
Even if you have applied all security updates and reviewed the latest security information
available, you might still be the target of an attack that abuses a previously unknown
vulnerability or a particularly clever social-engineering scam. You might not be able to
prevent the attack, but there are several ways you can prevent its payload from running.
First, Internet Explorer 7 on Windows Vista runs by default in Protected Mode. This
means that IE operates at low rights even if the logged-in user is a member of the Administrators
group. More specifically, IE is unable to write to the file system or registry
and cannot launch processes. Lots of magic goes on under the covers, and you
can read more about it by browsing the links in the references. One weakness of Protected
Mode is that an attack could still operate in memory and send data off the victim
workstation over the Internet.
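Because Protected Mode is a per-zone setting that a user or policy can switch off, it is worth confirming that it is actually in force on a workstation. The PowerShell script below is an added example, not part of the original text; it relies on the Internet Explorer URL action 2500 ("Turn on Protected Mode", where 0 means enabled and 3 means disabled) stored under the zone registry keys, and the function name is hypothetical.

```powershell
# Added example: report where Protected Mode is explicitly configured for each
# Internet Explorer security zone. URL action 2500 = "Turn on Protected Mode":
# 0 = enabled, 3 = disabled. A missing value means the zone default applies.
$zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

# Locations that can hold zone settings: machine policy, user policy, user preference.
$roots = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

# Hypothetical helper name; returns one row per location checked for the zone.
function Get-ProtectedModeSetting {
    param([int]$Zone)
    foreach ($root in $roots) {
        $key  = Join-Path $root ([string]$Zone)
        $item = Get-ItemProperty -Path $key -Name '2500' -ErrorAction SilentlyContinue
        if ($item -eq $null) {
            $state = 'Not set (zone default applies)'
        } else {
            $state = switch ($item.'2500') {
                0       { 'Enabled' }
                3       { 'Disabled' }
                default { "Unexpected value ($_)" }
            }
        }
        New-Object PSObject -Property @{
            Zone          = $zoneNames[$Zone]
            ProtectedMode = $state
            Location      = $root
        }
    }
}

# Flag any zone where Protected Mode has been explicitly turned off.
$results = 1..4 | ForEach-Object { Get-ProtectedModeSetting -Zone $_ }
$results | Format-Table Zone, ProtectedMode, Location -AutoSize
$results | Where-Object { $_.ProtectedMode -eq 'Disabled' } | ForEach-Object {
    Write-Warning ("Protected Mode is disabled for zone '{0}' in {1}" -f $_.Zone, $_.Location)
}
```

A warning for the Internet or Restricted sites zone means IE is running Internet content for that zone outside the low-rights sandbox described above.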