IE Trusted Domain Default Settings Facilitate Silent Installation of Exe

From: Greg Kujawa (anonymous_at_discussions.microsoft.com)
Date: 12/30/03


Date: Tue, 30 Dec 2003 07:56:29 -0800

This might sound saracastic but it isn't intended to be.
In order to address this wouldn't you just enter the
Trusted zone in the settings and adjust the default
settings to be stricter (or even custom)?

I agree by default IE should install with stricter
security settings for Intranet, Internet, Restricted, and
Trusted zones. Similar to how Windows XP shipped with lax
default security settings in many areas.

But a fix for this is simply publishing suggested settings
and providing navigational details to where you can change
these settings. Right?

>-----Original Message-----
>An exploit method was reported in Microsoft Internet
>Explorer, illustrating IE's weak default settings for the
>'Trusted Site' security zone. A remote user can create
HTML
>that will cause an arbitrary executable to be silently
>downloaded to and installed on a target user's system.
>
>http://www.securitytracker.com/alerts/2003/Dec/1008558.htm
l
>
>I hope this is addressed very quickly.
>.
>



Relevant Pages

  • Re: nfuse ica download error
    ... key from XP Pro where you had that system working. ... And for test purposes I did set it to a trusted zone and it comes up as a trusted zone ... >>>>when I go to launch an application from the citrix I get an error about the security settings do not allow this. ... >>>> "Eliminate annoying spam! ...
    (microsoft.public.windowsxp.embedded)
  • Re: nfuse ica download error
    ... this patch doen't solve the problem with the nfuse server, ... And for test purposes I did set it to a trusted zone and it comes up as a trusted zone however ... >>when I go to launch an application from the citrix I get an error about the security settings do not allow this. ... >>updating the database to the latest and then not only cannot I not download citrix applications but I cannot install flash player ...
    (microsoft.public.windowsxp.embedded)
  • Re: ZoneAlarm 3 question
    ... > IŽll check the logs for any unusual entries and will post them if found. ... >> you said your settings are, and what my settings are. ... >> If you drop Trusted Zone security to Low, ...
    (comp.security.firewalls)
  • Re: Unable to run active x controls
    ... Your settings may very well be a good thing. ... useful for dropping sites into the Trusted Zone. ... Microsoft Internet Explorer 5 Power Tweaks Web Accessories: ... I recommend strict settings on ActiveX and java to avoid drive-by ...
    (microsoft.public.security)
  • Re: Medium setting in IE ok for home user?
    ... zone - make sure that you set the trusted Zone to Medium. ... I use IE in this mode until I find a site I trust and then add it to my ... have not had to worry about most sites using it's default settings. ...
    (comp.security.firewalls)