Vulnerability Found in ALL Versions of Internet Explorer

Microsoft announced on April 26th, 2014 a new ZERO DAY vulnerability that allows a computer to give a remote hacker the ability to gain full access to your computer. This affects Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

Per Microsoft:

An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.

The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.</div class=”codebox”>

According to Fire Eye they suggest that the current usage of Internet Explorer is about 26% of all internet browser usage. This creates a major concern for us at Byteworks because at this time there is not a released patch for this vulnerability. We highly suggest that you use another browser such as Firefox going forward until a patch has been released and put in place. If Internet Explorer must be used then please use the following workaround.

Workaround:
You can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to block ActiveX controls and Active Scripting. You can do this by setting your browser security to High.

To raise the browsing security level in Internet Explorer, perform the following steps:

  1. On the Internet Explorer Tools menu, click Internet Options.
  2. In the Internet Options dialog box, click the Security tab, and then click Internet.
  3. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
  4. Click Local intranet.
  5. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
  6. Click OK to accept the changes and return to Internet Explorer.
Previous Post
OpenSSL Heartbleed Bug – Update Your Systems!
Next Post
The Best New Features of Cisco’s Unified Collaboration 10.X