Free Newsletters for the Channel
Register for Your Free Newsletter Now
The U.S. Department of Homeland Security (DHS) said it is "currently unaware of a practical solution" to the Microsoft (MSFT) Internet Explorer (IE) Web browser vulnerability identified by FireEye Research Labs. How can managed service providers (MSPs) avoid problems due to this security flaw?
April 29, 2014
The U.S. Department of Homeland Security (DHS) said it currently has no idea how to combat the Microsoft (MSFT) Internet Explorer (IE) Web browser zero-day exploit discovered by FireEye Research Labs. In fact, DHS is recommending IE administrators and users “consider employing an alternate browser” until the bug is patched.
FireEye first identified the IE zero-day exploit on April 26 and said hackers can use it in targeted attacks against IE users. The vulnerability affects IE6 through IE11, but hackers are reportedly targeting IE9 through IE11 users. According to NetMarketShare.com, about 55 percent of PCs run IE6 through IE11, and roughly 25 percent run either IE9 or IE10.
Hackers are using the IE vulnerability as part of “Operation Clandestine Fox,” FireEye said. This security bug allows hackers to lure IE users to a website containing an Adobe (ADBE) Flash file that enables a hacker to run a program within IE. Meanwhile, the Flash file corrupts a computer’s memory and allows an attacker to take over a victim’s computer.
“[Hackers are] essentially inserting this malicious code onto a website, and if you happen to visit that website at the time when that malicious code is there, your computer is at risk,” Satnam Narang, a security response researcher at Symantec (SYMC), said in a prepared statement.
So what can managed service providers (MSPs) do to minimize or mitigate this IE vulnerability? To date, Microsoft has issued Security Advisory 2963983 to assist IE users, but has yet to patch the bug.
“We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing anti-malware software,” Microsoft wrote in its security advisory.
In addition, Microsoft is investigating the vulnerability and said IE users running Microsoft software should install the latest Microsoft security updates to make sure their computers “are as protected as possible.”
But for now the safest course of action is to use alternative browsers, security experts say.
Contributing writer, Penton Technology
Dan Kobialka is a contributing writer for MSPmentor and Talkin' Cloud. In the past, he has produced content for numerous print and online publications, including the Boston Business Journal, Boston Herald and Patch.com. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State College (now Bridgewater State University). In his free time, Kobialka enjoys jogging, traveling, playing sports, touring breweries and watching football (Go Patriots!).
You May Also Like
Mobile World Congress: VMware Talks SASE, 5G, SD-WANFeb 27, 2024
Zero Trust World: ThreatLocker Providing an Action Plan for Preventing AttacksFeb 26, 2024
The Gately Report: Trellix Partners Shielding SMBs from RansomwareFeb 26, 2024
Cloud Computing News: AWS Loses Another Key Exec to Azure; Canalys, Vega Cloud, Hyve NewsFeb 23, 2024