Thursday, September 20, 2012
I was sitting next to Rafal Los at ConSec 2012 and he showed me the official statement from Microsoft on their latest IE 0-Day.
Microsoft's recommendation? Make sure you keep your Anti-Virus updated.
With ANY flaw like this one that affects all IE versions, the ONLY prudent action to take is DO NOT USE THAT BROWSER UNTIL IT IS FIXED!!!!
The proper response from Microsoft should be "Microsoft is working diligently on the issue and will push out an update as soon as one is available, in the meantime use an alternative browser like FireFox, Chrome or Safari."
Get real Microsoft.. Anti-Virus/Anti-Malware does NOTHING for a flaw in your browser design.