Security Alert – Internet Explorer Vulnerability
– UPDATED (5/5/14) –
Microsoft has released an emergency fix to the Internet Explorer vulnerability. As of May 1st, Windows computers with automatic updates turned on will get the patch without doing anything. Or for users without automatic updates enabled on their PC, running Windows Update manually from the Control Panel in Windows will also allow for download and installation of the patch.
Also, in a rare move by Microsoft, the patch has been issued for Windows XP as well even though it’s no longer officially supported. Microsoft claims that the decision was based on how wide ranging this vulnerability was and the fact that it occurred so close to the end of official support for the Windows XP operating system.
For the complete details from Microsoft regarding this security patch, please read this post from Microsoft’s official blog: http://blogs.technet.com/b/microsoft_blog/archive/2014/05/01/updating-internet-explorer-and-driving-security.aspx
– Original Post (4/29/14) –
Recently, it’s been found that a security flaw exists within Internet Explorer that makes it susceptible to hackers. The vulnerability is so concerning, that the US Department of Homeland Security is advising that Americans use a different web browser, such as Mozilla Firefox or Google Chrome, until a fix is released for Internet Explorer. If a user visits a website with malicious content it’s possible that a remote attacker could steal information or gain control of the user’s computer. This is a serious vulnerability that requires immediate action.
Microsoft has confirmed they are working to find a fix for this problem, but no word or timetable has been given regarding when the millions of Internet Explorer users across the country can expect a patch. This security flaw affects versions 6 through 11 of IE. Additionally, no fix will be released for anyone running Windows XP, as support for the product ran out on April 8th (more info on that here).
Although Microsoft claims that known attacks have been limited in number so far, it’s recommended that all users of Internet Explorer take action to reduce the risks posed by this security vulnerability. Because the hack uses a corrupted Adobe Flash file to attack the victim’s computer, users can secure their computer by turning off Adobe Flash within Internet Explorer or simply change web browsers entirely until a patch is released. Since Adobe Flash is so widely used, disabling it may not be an option for most users, so in the meantime, IT Decisions recommends downloading and installing Mozilla Firefox or Google Chrome (links to downloads are below). Also, it’s important to make sure to have Windows Updates turned on and set to automatic so that your workstation or laptop receives the latest security patches. If you have any other questions or would like assistance implementing a workaround until a patch for Internet Explorer is released, please don’t hesitate to contact us and open a support ticket.
The USA Today story can be found here.
Mozilla Firefox can be downloaded here.
Google Chrome can be downloaded here.
For more detailed technical information, you can read through the details of the official Microsoft Security Advisory: https://technet.microsoft.com/en-US/library/security/2963983