As you may be aware, there has been a critical security vulnerability found and exploited in Microsoft Internet Explorer versions 6 through 11. Until Microsoft release a patch, here’s what the security analysts at Ward Solutions recommend users do to protect themselves and their businesses:-
- Avoid using Internet Explorer where possible. If you must use Internet Explorer for a certain application or site them limit your use of its to these situations only
- Disable Adobe Flash plugin as this is required for this bug to work
The Microsoft Internet Explorer exploit relies on a flaw in Internet Explorer and the presence of Adobe Flash. It does require a user to visit a malicious web page, or a web page that has hosted user-provided content or advertisements. Once exploited, the flaw allows the attacker to run commands and code on the target users machine, with local user privileges.
In short, this means that the latest IE bug works when an internet user clicks on a malicious link in Internet Explorer. There is no warning that something might be wrong, and clicking on the wrong link is all that it takes for your computer to be compromised. After you click on the link, malware may be installed on your computer without being noticed.
If you would like further assistance or advice on this issue, please contact the Helpdesk on (01) 6420100 or via email at support@ward.ie
References:
[1] http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html “New Zero-Day Exploit…”
[2] https://technet.microsoft.com/en-US/library/security/2963983 “Microsoft Security Advisory 2963983”