New IE Vulnerability and Workaround Silliness ![Rated Excellent [5 out of 5].](/WebLog/Themes/default/images/Star5.gif)
On Friday, Microsoft released a security advisory about a new nasty floating around that targets IE: A COM Object (Javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit. It should be no surprise that it has to do with the fact that IE runs ActiveX/COM components.
The fun part, of course, is that among the workarounds recommended is that you set your security settings for the Internet and Intranet zones to High. Good advice, except that disables the ability to read the advisory since then you are no longer able to click on the links that expand the text to read the different parts of the advisory. Sigh. Oh, and things like Windows Update and lots of stuff on MSDN no longer works. Aargh.
The advisory also lists the workarounds as though you should do them all, even though they are redundant and conflicting, such as these (both of which breaks apps that use the Microsoft Java VM):
- Unregister the Javaprxy.dll COM Object
- Modify the Access Control List on Javaprxy.dll to be more restrictive
Sigh. Once again Microsoft is telling us that we have to break many of its IE apps and make its sites unusable in order to be protected against threats. Granted, this is a first reaction advisory, and hopefully a more satisfactory fix will be available soon. Too bad we won't be able to get it from Windows Update when it is available!
The solution is to fix IE. Hopefully the upcoming IE 7 will fix this kind of problem once and for all.
Update: Oops! And with security set to High I also cannot validate that my Windows is Genuine Microsoft Software when I download something from a Microsoft site. So, to validate Windows I have to lower my security settings. Now that makes a lot of sense! Not.