Microsoft has released an alert about a newly discovered vulnerability in all versions of Internet Explorer (IE 6 – IE 11) that allow an attacker to install and run malicious code on a computer. The most likely way a computer would be affected is through a website drive-by-download. A drive-by-download is where a user visits a malware infected website and malicious code exploits the vulnerability in the user’s web browser to infect the computer.
Currently, researchers are only seeing active campaigns targeting IE 9 through IE 11, though earlier versions of Internet Explorer may become future targets. When Microsoft releases a patch to fix this vulnerability only users running Windows 7 and newer will be fixed. Since Microsoft ended support for Windows XP earlier this month, Windows XP users will never have this vulnerability fixed, leaving these computers insecure.
What can we do to protect ourselves?
Computers with Windows 7 and above
Until a patch is released, we recommend that those using computers with Windows 7 and above use an alternate browser like Firefox or Google Chrome. Internet Explorer should only be used in instances where it is recommended for business activities such as SharePoint or Banner. Chrome is preinstalled on all newer NUNET imaged computers and is available through Software Center. To install Google Chrome click on the Start menu –> Microsoft Systems Center 2012 –> Software Center, then check Google Chrome and click INSTALL SELECTED.
Computers with Windows XP
Microsoft no longer releases updates or patches for Windows XP so there will never be a patch for this vulnerability. It is strongly recommended to upgrade to Windows 7. Contact the ITS Service Desk at 617.373.4357 or email@example.com for assistance with alternate browsers or upgrading to Windows 7.
Want to learn more? Read the New Vulnerability in ALL Versions of Internet Explorer blog post on the SecureNU website.
Questions or concerns? Please contact the ITS Service Desk at 617.373.4357 (xHELP) or firstname.lastname@example.org.
For the latest news on security issues, visit the SecureNU website or follow SecureNU on Twitter. To stay updated with all things tech-related, please visit the ITS website or follow NortheasternITS on Twitter.
SecureNU – New Vulnerability in ALL Versions of Internet Explorer
Microsoft Security Advisory – Vulnerability in Internet Explorer could allow remote code execution
CNET – New zero-day vulnerability identified in all versions of IE
Washington Post – Hackers targeting newly discovered flaw in Internet Explorer
Symantec – Emerging Threat: Microsoft Internet Explorer Zero-Day (CVE-2014-1776) Remote Code Execution Vulnerability