We are issuing a Threat Alert e-mail due to a zero day vulnerability in Microsoft’s Internet Explorer (IE) browser, versions 6 through 11. This security vulnerability poses a threat to Microsoft Windows users who use the Internet Explorer browser, thought to be as high as 55% of the PC browser market according to tech research firm NetMarketShare. The U.S. Department of Homeland Security has issued Vulnerability Note VU#222929 that advises computer users to consider using alternative browsers such as Google Chrome and Mozilla Firefox until Microsoft fixes the security flaw.
A group of hackers have been exploiting the bug and targeting financial and defense companies in the U.S. It is anticipated that other hackers will rush to exploit this vulnerability before Microsoft issues a fix. Microsoft issued Security Advisory 2963983 which explains the vulnerability could allow a hacker to take complete control of an affected system, and then do things such as viewing, changing, or deleting data; installing malicious programs; or creating accounts that would give hackers full user rights.
Microsoft has not yet announced when a patch to deliver a fix will become available, but they did confirm the patch will not protect Windows XP users. Microsoft recently ended support for Windows XP and is trying to push XP users to Windows 7 or 8. This will be the first patch update from Microsoft that excludes Windows XP, which is still thought to run on about 1 in 4 PCs.
Recommendations
Window 7 or 8 users: Utilize another web browser, such as Google Chrome or Mozilla Firefox, until Microsoft is able to resolve the issue .
Windows XP users: Stop use of Internet Explorer going forward and select another web browser, such as Google Chrome or Mozilla Firefox, The alternate web browser should be set as your default browser as Microsoft will not be releasing a patch for Internet Explorer versions compatible with Windows XP.
Security vulnerabilities like this illustrate the importance of having PCs protected with antivirus solutions like SecureIT Plus to minimize risk.
Eric Christoffersen
VP Technology & Support