Following the recent Heartbleed horror, and raising concerns that there’s some kind of cyber-apocalypse going on that we weren’t warned about, on Saturday a new flaw was found in Internet Explorer. It affects versions 6-11, and Microsoft is (probably painfully) aware that there have already been limited but targeted attacks to exploit it, especially as it’s the first one that’s been found since support was pulled for Windows XP. Although there’s no patch for recent versions as yet, there are a few tips on how to keep as safe as possible in the meantime.
Apparently hackers are exploiting the flaw by sending bad links through emails or instant messenger, but they can’t force users to be exposed, so be careful what you click on. If they did get through, it would give the hacker the same access as you, and a cyber-tonne of control, so ideally it’s best not to let the wrong’uns in if possible.
Considering, though, that these IE versions alone account for more than 50% of the global market, it means a lotta people could still be up security creek without a paddle. But security firm FireEye said that it’s just versions 9, 10 and 11 that are being actively targeted, which ‘only’ accounts for a quarter of the browser market. Microsoft say they’re investigating and will take ‘appropriate steps’ which apparently, “may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.”
Having said that, independent security advisor Graham Cluley has pointed out that Microsoft is keeping quiet about Windows XP, as its support was pulled earlier this month, so if you are still using the XP operating system you won’t get fixes and updates. Unfortunately all Microsoft is suggesting is to upgrade to a newer version. Shocker.
Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode, which should help a bit, but if you click on a dodge link then you’re out of their safety net. For newer Microsoft users a patch should be issued within a few weeks, and they’ve issued a security advisory and are looking at ways to fix it. In the meantime, if the internet could just give us a break, we’d really appreciate it.
*UPDATE* – A patch has now been issued to fix the issue for all IE specs (including XP).
If you have any security concerns about your solution, give us a call on 0800 230 0032.