The latest Microsoft IE vulnerability: a small tool to prevent JS Trojans

Yesterday, major websites released critical 0-day vulnerabilities in IE 7. Attackers may exploit these vulnerabilities to remotely intrude into and completely control the system. So far, Microsoft has not released any patches. is referred to as "Microsoft replays the shocking vulnerability to access the Internet and read emails ".

Today, we can see that the tombkeeper blog has provided a small tool to prevent Trojans Based on the JS HeapSpray technology. The installation and uninstallation are very simple and they are also available for everyone!

Program description:

The advantage is that it is fast, basically does not occupy memory, and there is basically no problem of anti-virus software false positives. It is easy to use and can protect all IE processes without worrying about it after installation. It is not only valid for IE7 and IE8, but also for IE6.

Note:

1. Protecting against the current IE vulnerability is basically effective for other Trojans and webpages on the Internet based on the JS HeapSpray technology.

2. attacks that do not use the HeapSpray vulnerability are invalid.

3. If a vulnerability exists in your system and you accidentally access a trojan webpage that uses the vulnerability, IE will crash and quit due to the protection of this applet, but will not go to Trojans.

Installation Method: Download http://www.xfocus.net/tk/tkbho.zipto decompress the file. Install. cmd in the running directory to complete the installation.

Uninstall method: Close all IE Windows and run uninstall. cmd in the directory.

The above method comes from:

Http://hi.baidu.com/tombkeeper/blog/item/d48412e9f9d07b38b90e2d09.html

The following are temporary solutions provided by aligreennet.

* Do not use the IE 7 browser for the moment. You can use Opera or Firefox.

* Disabling JavaScript in IE Security Settings may make it more difficult for attackers to exploit the vulnerability, although it cannot prevent the vulnerability from being triggered.

* Enable the system data protection function for IE:

My computer-> properties-> advanced-> Performance-> Settings-> Data Execution Protection

Select "enable Data Execution Protection for all programs and services except selected"

Check that "Internet Explorer" is not checked in the following box.

* Upgrade the antivirus software virus database to the latest version.

We strongly recommend that you do not use IE 7 for the time being. Instead, you should use non-IE core Web browsers such as Firefox and Opera, and pay close attention to Microsoft's security updates and aligreennet's websites, install the patch in time after the patch is released to eliminate the vulnerability impact.

repair tools provided by security guard (recommended)