CERT has issued a warning for
users of Internet Explorer. There is a vulnerability that allows users to exploit scripts in different security domains. A malicious hacker could run the script in the Local Machine Zone, and execute arbitrary code with your user privileges.
There are some recommended workarounds:
- Disable Active Scripting and ActiveX
- Apply the Outlook Security Patch (You are patching your machines regularly, aren't you?)
- Read and send email in plain text
- Maintain updated anti-virus software
- Do not follow uncolicted links
- Use a different browser
The CERT page has instructions on disabling ActiveX and Active Scripting. If you opt to get a different browser, DBR recommends Mozilla.
Note: We have also put this message in a one-time pop-up for IE users.