Written by Aaron Sherrill, CTO of Claris Networks
As you may be aware, a new zero-day vulnerability has been discovered that affects every version of Internet Explorer from version 6 through 11. The security vulnerability is so significant that the U.S. Department of Homeland security is advising Americans not to use the Internet Explorer Web browser until a fix is issued for the flaw.
How it works
The security flaw allows malicious hackers to get around security protections in the Windows operating system. Users become infected when visiting a compromised website. These are called “watering-hole attacks”. Rather than attack a user directly, the hackers inject their code into a “normal, everyday website” that the user visits. The code hidden on the site then infects their computer.
The attacks do not appear to be widespread at this time, however, Microsoft said it was “aware of limited, targeted attacks that attempt to exploit” the vulnerability.
Microsoft has confirmed that it is working to fix the code that allows Internet Explorer versions 6 through 11 to be exploited by the vulnerability. However, as of April 29th, no fix had been posted.
What can you do until the patch has been released and installed?
- Use other browsers, such as Google Chrome or Mozilla Firefox. This security issue currently does not affect these browsers.
- Enable EPM feature. It is possible to continue using IE10 and IE11 until Microsoft releases a patch by enabling Explorer’s “Enhanced Protected Mode” (EPM). With EPM enabled, you won’t be vulnerable to the bug. This is one of the Microsoft-recommended “workarounds” listed on its website. Click here to visit this page.
Learn how to disable and enable EPM by watching the video below.
- Another option is to disable Adobe Flash. Because the hack uses a corrupted Adobe Flash file to attack the victim’s computer, users can avoid it by turning off Adobe Flash. Disabling the Flash plugin within IE will prevent the exploit from functioning.
How to disable Adobe Flash in Internet Explorer:
- Open IE and click “Tools” in the menu bar
- Click “Manage Add-ons”
- Click Shockwave Flash
- Click “Disable”
- Click “OK”
Claris Networks will be pushing out the patch to all the systems that we manage as soon as it has been released and tested. If you have Windows systems that Claris does not manage and would like to ensure this patch is deployed on all them, please click here to contact us.
If you have any other questions, feel free to reach out to us on Facebook or Twitter at @clarisntwrks.
The post What to do about the Internet Explorer Security Threat appeared first on Claris Networks - IT Support Company | Knoxville Chattanooga | Information Technology Services | Consulting | Cloud Computing | Hosting | EMR Solutions.