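IE 0-Day Information Update (Advisory 961051)
Hello everyone, this is Richard Chen.
Microsoft has updated its information about the IE 0-day.
Affected products include IE 5.01 through IE8 Beta 2 installed on supported operating systems, XP SP2 through Windows 2008.
The nine different workarounds currently known are: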
- Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
- Disable XML Island functionality
- Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL
- Disable Row Position functionality of OLEDB32.dll
- Unregister OLEDB32.DLL
- Use ACL to disable OLEDB32.DLL
- Enable DEP for Internet Explorer 7 on Windows Vista and on Windows Server 2008
- Disable Data Binding support in Internet Explorer 8 Beta 2
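For the technical details, see Advisory 961051.
In particular, note that you can refer to the following article to determine which workaround suits your environment.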
Clarification on the various workarounds from the recent IE advisory
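In addition to closely monitoring the situation on the Internet, Microsoft is actively developing and testing a security update to protect all users.
For more information about the IE 0-day, see the following links: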
- Microsoft Security Advisory 961051 (English)
- Microsoft Security Advisory 961051 (Chinese)
- Microsoft Security Response Center (MSRC) Blog
- Microsoft Malware Protection Center (MMPC) Blog
- Security Vulnerability Research & Defense Blog
Richard Chen
Greater China Software Security Program Manager