3 Replies Latest reply on Sep 27, 2013 1:16 AM by asabban

    IE Vulnerability

    apellepa

      Can MWG7.x mitigate CVE-2013-3893 (MSHTML Shim Workaround) ?

      http://technet.microsoft.com/en-us/security/advisory/2887505

        • 1. Re: IE Vulnerability
          andyclements

          There is very little in the either the MS article or the CVE that would say what is actually happening to help us with writing any rules for this.  The mitigation steps that MS lists are all pertaining to running a more restricted set of settings in the browser.  From what I can tell though it has something to do with ActiveX.  You can create a rule that would block ActiveX objects, but that I just a guess based on the little info I have seen.

          • 2. Re: IE Vulnerability
            apellepa

            How to block ActiveX in 7.x ?

            I was not found such type (ActiveX) in media type.

            • 3. Re: IE Vulnerability
              asabban

              Hello,

               

              in the rule set library that ships with the product there should be a rule set called "HTML Filter". I think it contains rules to block ActiveX. You could use them as a template.

               

              Best,

              Andre