Microsoft Internet Explorer Vulnerability

UPDATE -- As of 5/1/2014, Thursday afternoon (ET), Microsoft has issued a patch to fix the Internet Explorer vulnerability. Interestingly, they included Windows XP in the patch rollout. For those machines with Auto Update enabled, the patch will be installed automatically.


This has been the month for serious security issues for computer users. First there was the Heartbleed problem that potentially compromised server-side security. Now a very serious vulnerability has been discovered in the Microsoft Internet Explorer browser, affecting IE versions 6-11. While there is currently NO “fix” for the issue, there are some workarounds. Anyone running a Windows operating system potentially has to deal with this issue.

First and most important -- Do NOT Use the Microsoft Internet Explorer browser with any Windows Operating System!  

  • If you are still using Windows XP, use another browser, like Google Chrome, or Firefox.  There will not be a patch released for Windows XP.  We recommend removing Internet Explorer permanently.

  • For Windows 7 or 8, if your applications allow the use of another browser, use Google Chrome, Firefox or another non-Microsoft browser until Microsoft releases a patch for IE.
  • If you must use Internet Explorer, removing the Adobe Flash plugin is a workaround, although certain websites that use Flash may not work correctly.

This problem is called a zero-day exploit, meaning it takes advantage of an issue that was previously unknown. It allows attackers to install malware on your computer without your permission and potentially gain control of that machine.

Due to the end of support for Windows XP and Windows Server 2003, which include Internet Explorer 6, there will not be a security fix for Internet Explorer 6 to patch this vulnerability. If you are running XP and/or Server 2003, we recommend that you upgrade as soon as possible to Windows 7/8.1 and Server 2012. This is only the first of multiple vulnerabilities and "hacker's paradise" type scenarios that experts predict will endanger XP users' security.

As CNET explains: "Security firm FireEye, which discovered the bug, said that the flaw is being used with known Flash-based exploit technique to attack financial and defense organizations in the US via Internet Explorer 9, 10, and 11. Those versions of the browser run on Microsoft's Windows Vista, Windows 7, and Windows 8 although the exploit is present in Internet Explorer 6 and above."

CERT (Computer Emergency Readiness Team) has made the unusual recommendation that computer users avoid using any version of Internet Explorer until the problem has been patched. Specifically, the advisory says administrators and users should "review Microsoft Security Advisory 2963983 for mitigation actions and workarounds" and that people who can't implement those stopgap measures, Windows XP users among them, "may consider employing an alternate browser."

According to CNET: "FireEye recommends that if you can't switch browsers, then disable Internet Explorer's Flash plug-in. You also can use IE with Microsoft's Enhanced Mitigation Experience Toolkit (EMET) security app, but that will not be as secure as simply switching browsers."

We will update this posting as more information becomes available. Call us at 607-257-3524 should you need any assistance in setting up another browser, moving bookmarks, or removing the Adobe Flash plugin.

