Microsoft has warned of a "huge increase" in attacks exploiting a critical vulnerability in all versions of Internet Explorer (IE). Most troubling for enterprises is that the attacks are increasingly being launched from legitimate Web sites.
"Some legitimate Web sites were maliciously modified to include the exploits," said Microsoft's Ziv Mador and Tareq Saade in a posting on Microsoft's Malware Protection Center Blog. They went on to note that, "a significant number of users have been affected."
With exploit code now publicly available, the threat will grow in the coming days and weeks. As an interim mitigation, Microsoft recommends that users be configured without administrator rights. This does not stop the exploit from running inside the browser, but malware that lands in a standard-user session cannot install drivers or services, write to system directories, or modify machine-wide registry keys. That blocks kernel-mode rootkits and system-wide key loggers outright and confines most other malicious activity to the compromised user's own profile.
"There is no longer any practical reason that an organization should configure its users to run with administrative rights," said John Moyer, CEO, BeyondTrust. "We have worked with hundreds of companies who were fed up with their exposure to malware and have responded by implementing the security best practice of Least Privilege in their Windows environments. By removing admin rights, these companies have experienced a drastic reduction in malware and greater protection from zero-day threats like the latest IE attack, which impacts the vast majority of IE users."
Microsoft's recommendation comes on the heels of a growing trend among organizations to remove administrator rights from users. When users run as standard users, malware that arrives through a vulnerability such as this one runs with the user's limited rights: it cannot use administrative privileges to entrench itself on the machine or pivot to corporate networks and data, and would need a separate local privilege-escalation flaw to obtain them. One example of the trend is the federal government's recent mandate prohibiting federal employees from logging into XP and Vista as administrators.
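Removing admin rights is only effective if it is actually enforced on every machine. The following PowerShell script is an added example, not part of the article and not code from Microsoft or BeyondTrust: it audits the local Administrators group and removes any member that is not on an explicit allow-list. It uses the WinNT ADSI provider rather than the newer Get-LocalGroupMember cmdlet so it runs on XP- and Vista-era hosts as well as current Windows. The account names in the allow-list are hypothetical placeholders for a site's own break-glass and desktop-support accounts, and the script itself must be run from an elevated session.

```powershell
# Added example: enforce "no standing local admin rights" on a Windows host.
# Assumptions: run elevated; the names in -Approved are placeholders for your
# own break-glass local account and desktop-support domain group.

function Test-IsElevated {
    # True when the current process token is in the Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminMembers {
    # Returns objects describing each member of the local Administrators group.
    # ADsPath looks like WinNT://HOSTNAME/Administrator or WinNT://DOMAIN/Desktop Admins.
    $group = [ADSI]"WinNT://./Administrators,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)
        # Normalise to the familiar DOMAIN\name form for comparison and reporting.
        $name  = ($path -replace '^WinNT://', '') -replace '/', '\'
        [pscustomobject]@{ Name = $name; Class = $class; ADsPath = $path }
    }
}

function Remove-UnapprovedLocalAdmins {
    param(
        # Placeholder allow-list: the built-in account plus one support group.
        [string[]]$Approved = @("$env:COMPUTERNAME\Administrator", 'EXAMPLE\Desktop Admins'),
        # -WhatIf reports what would be removed without changing anything.
        [switch]$WhatIf
    )

    if (-not (Test-IsElevated)) {
        throw 'This script must run from an elevated session to modify group membership.'
    }

    $group = [ADSI]"WinNT://./Administrators,group"
    $removed = @()

    foreach ($member in Get-LocalAdminMembers) {
        # String comparison in PowerShell is case-insensitive, so jdoe == JDoe.
        if ($Approved -contains $member.Name) {
            Write-Host "keep    $($member.Class.PadRight(5)) $($member.Name)"
            continue
        }
        if ($WhatIf) {
            Write-Host "would remove $($member.Class.PadRight(5)) $($member.Name)"
        } else {
            # IADsGroup::Remove takes the member's full ADsPath.
            $group.Remove($member.ADsPath)
            Write-Host "removed $($member.Class.PadRight(5)) $($member.Name)"
        }
        $removed += $member.Name
    }
    return $removed
}

# Usage: dry run first, then enforce.
Remove-UnapprovedLocalAdmins -WhatIf
# Remove-UnapprovedLocalAdmins
```

Run it with -WhatIf across a pilot group before enforcing, and keep the allow-list short: every entry on it is an account whose browser session, if compromised by an exploit like this one, hands the attacker full control of the machine.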