Security Bulletin: Microsoft Internet Explorer Zero-Day Vulnerability
What is it?
A critical vulnerability in Microsoft Internet Explorer (IE) may allow attackers to execute code on a computer if the user visits a malicious web site.
Who is impacted?
Any Microsoft Windows system that uses Internet Explorer to access the Internet is at risk. This includes all versions of Internet Explorer from IE6 through IE11.
What should you do?
There are several options available, each with varying degrees of difficulty. Depending on feasibility, you should:
- Stop using Internet Explorer and use an alternative browser. This may not be possible for individuals that rely on web services that use ActiveX, SharePoint, or other Microsoft technologies.
- Stop using Internet Explorer for browsing the Internet, and use IE only with specific sites that you trust. There are several methods available for configuring security options in IE to support this, such as whitelisting.
- Use more restrictive security settings in IE. The Security Zones in IE may be used to restrict what untrusted sites are allowed to do. Preventing script execution for such sites may help protect your system.
Generally speaking and especially in light of this vulnerability, it is not advisable to browse the Internet while you are logged into a system with administrative credentials.
Where can you get more information?
The Winxnet Security Team is happy to answer any questions you may have on this subject. Please reach out to us at 866.946.9638 or firstname.lastname@example.org. More detailed technical information is also available in Common Vulnerabilities and Exposures (CVE) at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776.
The Winxnet Security Team provides information security services to customers throughout the Eastern United States. Our team is led by Eugene Slobodzian, PhD, CISSP with over 15 years of experience providing Information Security services to businesses throughout the region. Winxnet provides Managed Security Services, Penetration Testing, Vulnerability Management, Social Engineering Tests, IT Risk Assessments and Virtual Security Officer consulting.