Microsoft have been getting a lot of press (here, here and here) about security vulnerability KB979352 in Internet Explorer, which was used by Chinese hackers to breach Google's security and gain access to anti-China protestors' email accounts and other private data. As a result, Microsoft have now released a security advisory for IT professionals listing multiple ways to mitigate this security issue before they release a patch (which they are rushing to get out).
One of the ways listed to mitigate this issue on IE6 (other than not running IE6) is to configure Active Scripting to either be disabled or set to prompt. It is easy for one user to change this setting manually, but for a large organisation (like Google), performing this workaround on many thousands of computers would be very time consuming.
To make this change in Group Policy, open the Group Policy Object (GPO) that is targeted at your user accounts and navigate to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page. Then, under both "Local Intranet" and "Internet", configure the "Allow Active Scripting" option to "Disable" or "Prompt".
If you do configure this option, it is likely that some legitimate sites, both local and on the Internet, will break. To work around that issue you can explicitly add them to the "Trusted Sites" zone. To do this, again open the Users GPO and navigate to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page, then open the "Site to Zone Assignment List" setting, click "Enabled" and then click the "Show" button.
Then type the full URL in the "Value Name" field and a "2" in the "Value" field for each site you want to run the Active Scripts.
Now, according to Microsoft, your browser should be configured to mitigate this security vulnerability.
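To confirm on a client that both settings have actually arrived, the script below reads the policy values back from the registry. It is an added example, not part of the original article or the Microsoft advisory. It assumes PowerShell is available on the client and that the settings were made under User Configuration, so the values live under the current user's policy hive; the function names are hypothetical.

```powershell
# Added example, not from the original article. Assumes the settings were made
# under User Configuration, so the policy values are read from HKCU.
$base    = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$zones   = @{ 1 = 'Local Intranet'; 3 = 'Internet' }      # zone numbers used by IE
$actions = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' } # values of a URL action

function Get-ActiveScriptingPolicy {
    # 1400 is the URL action for Active Scripting inside each zone key.
    foreach ($id in ($zones.Keys | Sort-Object)) {
        $item = Get-ItemProperty -Path "$base\Zones\$id" -Name '1400' -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            # No policy value: the zone still uses whatever the user has set.
            $setting = 'Not configured by policy'
            $ok = $false
        } else {
            $raw = [int]$item.'1400'
            $setting = if ($actions.ContainsKey($raw)) { $actions[$raw] } else { "Unknown ($raw)" }
            # Only Prompt (1) or Disable (3) match the workaround described above.
            $ok = (1, 3) -contains $raw
        }
        New-Object PSObject -Property @{
            Zone = $zones[$id]; ActiveScripting = $setting; Mitigated = $ok
        }
    }
}

function Get-TrustedSiteAssignment {
    # The "Site to Zone Assignment List" is stored as name = URL, data = zone number.
    $key = Get-Item -Path "$base\ZoneMapKey" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return }
    foreach ($name in $key.GetValueNames()) {
        # Zone 2 is Trusted Sites: these URLs are exempt from the restriction.
        if ("$($key.GetValue($name))" -eq '2') { $name }
    }
}

Get-ActiveScriptingPolicy | Format-Table Zone, ActiveScripting, Mitigated -AutoSize
'Sites assigned to Trusted Sites (Active Scripting still allowed):'
Get-TrustedSiteAssignment
```

Run it as the affected user after a policy refresh. A zone reported as "Not configured by policy" means the GPO is not applying to that account, and every URL in the second list should be reviewed, because those sites are exempt from the restriction.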
For more information about the security vulnerability see the Microsoft Advisory at http://www.microsoft.com/technet/security/advisory/979352.mspx.
Disclaimer: I do not accept any liability whatsoever for the information in this article. Please use this information at your own risk.