Quick Start: What Customers Can Do to Protect Themselves from Cross-Site Scripting

Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

Following are step-by-step instructions that will ensure that, during the period when web sites are reviewing their code and making any needed changes, you can continue using the web safely. All vendors' products are affected by this vulnerability; we have provided instructions for Microsoft products below. If you are using another vendor's products, we recommend you contact them for details on how to carry out the steps.

General Recommendations

There are several precautionary steps you can take to minimize the likelihood of being affected by this issue. We recommend that all customers take these steps.

Prevent e-mail-based attacks

Turn off Active Scripting in the Restricted Zone

  • IE 5.x:

    1. Choose the "Tools" entry from the menu bar, then "Internet Options". Select the "Security" tab.

    2. Click the "Restricted Sites" icon, then click on the "Custom Level" button.

    3. In the "Security Settings" dialogue, scroll down the list of settings until you see "Scripting". Immediately below it will be "Active Scripting". Click on the "disable" option for "Active Scripting". When asked to confirm the change, answer "yes".

    4. Click OK to return to IE.

  • IE 4.x:

    1. Choose the "View" entry from the menu bar, then "Internet Options". Select the "Security" tab.

    2. Click the "Restricted Sites" icon, then "Custom Level".

    3. In the "Security Settings" dialogue, scroll down the list of settings until you see "Scripting". Immediately below it will be "Active Scripting". Click on the "disable" button for "Active Scripting". When asked to confirm the change, answer "yes".

    4. Click OK to return to IE.
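As an added check that is not part of the original bulletin, the PowerShell script below reads the registry value behind the dialog setting above, reports whether Active Scripting is disabled for the Restricted Sites zone, and can apply the setting. It assumes the zone registry layout Microsoft documents for Internet Explorer (zone 4 is "Restricted Sites", value "1400" is "Active Scripting", 0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example (not from the original bulletin): audit, and optionally apply,
# "Active Scripting = Disable" for the Restricted Sites zone.
# Assumed layout: zone 4 = Restricted Sites, value 1400 = Active Scripting,
# 0 = Enable, 1 = Prompt, 3 = Disable. The GUI steps above write the per-user
# (HKCU) copy; a machine-wide (HKLM) copy can override it under policy.

$ZonePaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4'
)
$ActiveScripting = '1400'
$State = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-RestrictedZoneActiveScripting {
    # One row per hive so a policy override in HKLM is visible next to HKCU.
    foreach ($path in $ZonePaths) {
        $value = (Get-ItemProperty -Path $path -Name $ActiveScripting -ErrorAction SilentlyContinue).$ActiveScripting
        $setting = if ($null -eq $value) { 'not set' }
                   elseif ($State.ContainsKey([int]$value)) { $State[[int]$value] }
                   else { "unknown ($value)" }
        [pscustomobject]@{
            Hive      = $path.Split(':')[0]
            Value     = $value
            Setting   = $setting
            Compliant = ($value -eq 3)   # only an explicit "Disable" counts
        }
    }
}

function Set-RestrictedZoneActiveScriptingDisabled {
    # Applies the same per-user change the "Custom Level" dialog makes.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $path = $ZonePaths[0]
    if ($PSCmdlet.ShouldProcess($path, "Set $ActiveScripting (Active Scripting) to 3 (Disable)")) {
        New-Item -Path $path -Force | Out-Null
        Set-ItemProperty -Path $path -Name $ActiveScripting -Value 3 -Type DWord
    }
}

Get-RestrictedZoneActiveScripting | Format-Table -AutoSize
# Preview the change without applying it:
Set-RestrictedZoneActiveScriptingDisabled -WhatIf
```

Run the audit again after applying the setting; if the HKLM row shows "Enable" while HKCU shows "Disable", a machine policy may be overriding the per-user choice.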

Make all received mail run in the Restricted Zone:

  • Outlook 2000:

    1. From the "Tools" menu entry, choose "Options". Select the "Security" tab.

    2. In the "Secure Content" section of the page, set the "Zone" field to "Restricted Sites". Click OK.

  • Outlook 98:

    1. From the "Tools" menu entry, choose "Options". Select the "Security" tab.

    2. In the "Secure Content" section, click on the "Zone" field drop down box and choose "Restricted Sites". Click OK.

  • Outlook Express 5.x:

    1. Choose "Tools" option from the menu bar, then "Options". Select the "Security" tab.

    2. In the "Security Zones" section of the window, click on "Restricted Sites Zone". Click OK.

  • Outlook Express 4.x:

    1. Choose "Tools" option from the menu bar, then "Options". Select the "Security" tab.

    2. In the "Security Zones" section, click on the drop down list, select the "Restricted Sites Zone". Click OK.

Follow security best practices to avoid being attacked when web-surfing or reading email.

  • Avoid promiscuous web browsing. Stick to browsing sites that you trust not to take malicious action against you.

  • Don't follow hyperlinks in emails, even if the mails appear to have been sent to you by someone you trust. It's possible to spoof the name that appears on the "from" line of an email.

Recovering from an Attack

If you believe that you have been attacked - either because you are witnessing suspicious behavior from a web site, or because you've visited a site that is known to be attacking visitors - you can take several steps to recover. You should only take the following steps if you have credible evidence that you have been attacked, because you will need to re-register at all of your web sites and re-customize them afterwards.

  • Stop the attack by closing your browser. Then restart the browser and go to a known-safe web site, such as www.microsoft.com.

  • Delete all cookies in your browser to prevent the attack from being persistent.

  • IE 5.x:

    1. Choose the "Tools" entry from the menu bar, then "Internet Options". Select the "General" tab.

    2. In the "Temporary Internet Files" section of the page, choose "Settings".

    3. Choose "View Files".

    4. Click on the column header labeled "Name", and scroll down until you find the files whose names begin with "Cookie:", e.g., "Cookie:jsmith@websitename.com".

    5. For each file that matches this naming convention, click on it, then hit the delete button. When asked to confirm that you want to delete the cookie, select "yes".

  • IE 4.x:

    1. Choose the "View" entry from the menu bar, then "Internet Options". Select the "General" tab.

    2. In the "Temporary Internet Files" section of the page, choose "Settings".

    3. Choose "View Objects".

    4. Click on the column header labeled "Name", and scroll down until you find the files whose names begin with "Cookie:", e.g., "Cookie:jsmith@websitename.com".

    5. For each file that matches this naming convention, click on it, then hit the delete button. When asked to confirm that you want to delete the cookie, select "yes".

  • IE 3.x:

    1. Choose the "View" entry from the menu bar, then "Options". Select the "Advanced" tab.

    2. In the "Temporary Internet Files" section of the page, choose "View Files".

    3. Choose "View Files".

    4. Click on the column header labeled "Name", and scroll down until you find the files whose names begin with "Cookie:", e.g., "Cookie:jsmith@websitename.com".

    5. For each file that matches this naming convention, click on it, then hit the delete button. There is no confirmation.