NOTE: Microsoft has released a patch through their updating system on 5/1/14. All Pinnacle Managed Services clients have had the patch installed via our Remote Monitoring Management (RMM) tool and need to restart their computers for it to take effect. You can download the patch here.
Microsoft's Internet Explorer has remained a popular way for consumers and employees to access the Web for years. As is the case with any navigation tools, however, security is often the center of attention when new problems come to the surface. A vulnerability within the browser is affecting users relying on versions of IE 6 through IE 11, a Microsoft report explained. The issue, according to the company, regards a remote code execution issue.
"The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," the Microsoft report detailed.
Microsoft indicated that it is investigating the vulnerability with help from the company's Microsoft Active Protections Program. The report included a link for those who want more information regarding MAPP's security updates. Click here to access the site.
What makes the threat so dangerous?
The Microsoft report indicated that a hacker could potentially issue a Web-based attack that uses a webpage exploit to accept user content or become the host of these sites. Microsoft noted, however, that these malicious parties cannot force anyone to visit the compromised channel, so IE users may receive emails or instant messages encouraging them to click on links to these sites.
Microsoft noted that hackers could also gain user rights, though the impact of such capabilities varies, since some accounts may restrict certain system access.
What should you do to stay safe?
Until Microsoft issues a patch to this problem, IE users should stay clear of the browser and use another option. Pinnacle, an Advanced Imaging Solutions company, is taking necessary steps while Microsoft investigates the vulnerability. The service provider issues automatic PC updates from its system when Microsoft releases them, has established email SPAM filtering to detect if any threats even before a client opens a message and routes IE traffic through a malware detection service.
Pinnacle also assists clients that rely on managed firewalls for antivirus protection. The service provider scans any packets that come through the network.
Internet users in general must always be aware of potential threats that may expose their personal information, such as passwords, banking details, Social Security numbers and any other sensitive data. Employees relying on IE for work purposes may inadvertently allow hackers to obtain corporate content, putting the entire company in jeopardy if cybercriminals make off with documents and financial details.
The vulnerability with IE is the not the first or last problem that will Web users will face. Companies should contact Pinnacle today if they feel their systems may have been compromised.