The Mudcat Café™
Thread #117012   Message #2516788
Posted By: JohnInKansas
16-Dec-08 - 09:42 AM
Thread Name: Tech: NEW ALERT Serious security flaw in IE
Subject: RE: NEW ALERT Serious security flaw in IE
There's little info on just how serious a threat this is to most of us likely to be here.

It appears that nearly all attacks have been in China, Taiwan, and other Asian areas, but of course reports are that it has been "growing" quite rapidly. Reports indicate that a server in Taiwan has been the most prolific "propagator."

A couple of reports have indicated that the "payload" downloaded by all known successful exploits is aimed at finding "access codes" for game programs, but it is warned that other exploits could appear.

McAfee, and others, indicate that the payload signature seen thus far is blocked/removed by their AV programs, and that the actual trojan being used in the exploits thus far seen is several years old (ca. 2005). Most sites offering this assurance add the obligatory warning that new payloads could use the exploit.

Microsoft suggests that if you're concerned you should set security in IE to High (Tools|Internet Options, Security Tab, in Internet Zone push the slider all the way to the top. You should also be sure that there's a check in the box for "Enable Protected Mode").

Setting the security level to high may give you lots of warnings and requests for permissions on some sites, but you can eliminate those for sites you really trust by adding them to the "Trusted Sites" list (Tools|Internet Options|Privacy tab, Sites button).

IF YOU SET THE SECURITY LEVEL UP to maximum, you'll want to add two Microsoft sites to the trusted list or you won't get updates:

*.windowsupdate.microsoft.com

and

*.update.microsoft.com

(Both of these will appear with "Always Allow" in the sites box as microsoft.com, but you're advised to add them each separately, as indicated, by the Microsoft IT bulletin.)

The security setting is indicated by Microsoft as "mitigating" the threat, but is not a full prevention. Several alternative "other actions" are described, but I'm not sure that the descriptions are likely to be sufficiently clear for many users to implement them easily, or to turn them off if/when they're no longer needed. Warnings of "reduced functionality" come with each of the alternatives.

It appears that the threat is currently fairly minimal for those with good AV and a good firewall; but nobody - that I've found thus far - really is willing to give much of an assurance on that.

If there's a real concern, you can take a look at the KB article for Users and/or the advisory for IT professionals.

It is indicated that any one of the alternate methods is sufficient, but (IMO) most users will have difficulty deciding which to use, and as yet there is little real guidance for the non-professional user like most of us.

A significant vulnerability, but with fewer known exploits at the time of the notes, was reported for Firefox about the middle of last week, and I've seen no reports of a patch issued for it either. (As I don't use it, I might have missed the solution.) If you decide to use it instead of IE, checking for latest version and updates would be a good idea, perhaps.

John