ANN: Microsoft Security Bulletin Advance Notification for December 2008

  • Thread starter: PA Bear [MS MVP]
I am supposing that the win98+ crowd will not get a security update. Is
this correct? What if anything should we do for the mitigating workarounds?
I found this key:
HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}
The default value is: "MsxmlIsland"
Should we make it, "" a blank or what? Any Ideas?
 
MS pulled the Workarounds from the Security Advisory page when the patch was
released and I'm not aware of the "XML Island" workaround being available
anywhere else (though you might try a thorough & careful Google search).

While I can point you to a blog entry about how to Undo the "XML Island"
workaround, I don't think it'd help you. So I suppose your best bet would
be the limited amount of info here, Jim:
http://blogs.technet.com/swi/archiv...-workarounds-from-the-recent-IE-advisory.aspx

I should note that while there are an ever-increasing number of webpages out
there which take advantage of this now-patched vulnerability, it's highly
unlikely that an informed user who practices Safe Hex (and doesn't go to
p0rn sites and doesn't click on "See the dancing pigs!" links, etc.) will
encounter them. YMMV, of course, since there's no such thing as a 100% safe
browser or OS.

For the record, support for Win9x ended on 11 July 2006 and no further
security updates will be released for these OSes. To be as safe as possible
and running a Windows PC, upgrade to WinXP SP3 or higher.
 
I was able to construct the two *.reg files that the workaround suggested
and have a fairly good understanding of the arguments in the other
workarounds. I doubt I will have any problems with the workarounds. I was
thrown a bit by the phrase "_elevated_ command prompt", but see this as a
user to admin rights issue in XP or Vista. I will be ok here, I also
rarely go to questionable websites and always practice Safe Hex (Claymania).
PA Bear said:
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

PA Bear said:
Microsoft Security Bulletin MS08-078 - Critical: Security Update for
Internet Explorer (960714):
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

PA Bear [MS MVP] wrote:
Microsoft Security Bulletin Advance Notification for December 2008
<QP>
This is an advance notification of an out-of-band security bulletin that
Microsoft is intending to release on December 17, 2008.
</QP>
Source:
http://www.microsoft.com/technet/security/Bulletin/ms08-dec.mspx
 
"Elevated Command Prompt" pertains to Vista.

YW.