The tool that allows the vast majority of businesses to utilize the Internet in order to carry out their day-to-day operations is the browser. While there are numerous browsers available, many businesses rely on Internet Explorer (IE). This browser comes pre-installed on all machines using Windows. However, if you use IE, there is a new exploit that you should be aware of.
A zero-day flaw is a security vulnerability that is taken advantage of by hackers on the day it is discovered. In other words, there are zero days between the discovery of the vulnerability and people taking advantage of it.
With most software, when a user finds a security flaw they usually inform the developer, who then develops a fix and releases it in a patch that users download. The problem is that sometimes it is a hacker who discovers the vulnerability. Instead of reporting it, they start to capitalize on the flaw, exploiting it to attack other users before the developer becomes aware of it and has a chance to fix it.
In late April, news broke that a zero-day flaw had been discovered in Internet Explorer’s code. The flaw affects IE versions 6-11 – essentially every supported version of the browser. Hackers had found a previously unknown flaw that allowed them to gain the same access rights as a user.
The hackers sent emails to users with links to a website that hosts malicious code. These emails were largely phishing in nature, meaning they aimed to get the user to click on a link in the email. Some of the subject lines used in attacks included:
In these emails there was a link to a website hosting code that could be executed if the user visited the site using IE. When executed, this could potentially expose the user’s system. Once the system was vulnerable, the hackers could install malicious software without the user’s knowledge.
The good news is that Microsoft has released a patch that fixes this exploit. This has definitely been welcomed, and what is really interesting is that Microsoft has actually released the update for XP users as well – this coming after the cessation of support for XP.
To guard against the exploit you should firstly update the version of Internet Explorer that you are using. The easiest way to do this is to go to the Internet Explorer website and download the latest version – version 11 – of the browser. Version 11 can run on both Windows 7 and 8, so the vast majority of users should already be running this latest version.
If you are using an older version, Microsoft has pushed the patch out via IE’s automatic update feature, so restarting the browser should install the update. The other option is Windows Update. Simply running the Update program and installing the updates should ensure that the latest version of IE is installed.
For Windows 7 and 8 users, you can do this by:
Once installed, you should restart your computer if you aren’t asked to do so. If you noticed that Automatic Updates was already ticked, try restarting your computer and this should install the updates.
If you are using XP, you can visit the Microsoft Update website using Internet Explorer and follow the instructions.
Aside from updating your browser, you should ensure that your anti-virus and malware scanners are up to date and scheduled to scan your system on a regular basis. Be sure to look at all emails closely as well. If one seems a bit dodgy, or you receive one from someone you don’t know, it is best to ignore it and delete it right away.
Businesses that are using XP should seriously consider updating because Microsoft will not be introducing security updates in the future, leaving your systems at greater risk of attack. At the very least, it may be a good idea to switch to another browser like Firefox or Chrome, both of which will work on XP and are updated regularly.