evilrouters.net

Secunia Research has publicly reported another 0-day vulnerability in Internet Explorer. Microsoft apparently confirmed (with Secunia) the vulnerability on February 21st, but no patch during the March release. A “confirmation” of the vulnerability has been posted on the Microsoft Security Response Center Blog as well. They didn’t come right out and say it, but if you read between the lines…

The Internet Storm Center has raised the Infocon level to yellow, as they report seeing at least one proof-of-concept exploit (which fires up calc.exe).

The workaround is to disable Active Scripting in IE, but I’m wondering what all this is going to break. I’d love to be able to do it in my environment, but I can’t just blindly do that without understanding the repercussions. Any ideas? Thanks.