Wednesday 30 April 2014

DHS issues warning about using Internet Explorer



Security Concept. Words Data protection on button of computer keyboard.


Over the weekend a new serious vulnerability in Internet Explorer was announced by Microsoft, affecting all users of Internet Explorer 6 through 11. The threat is serious enough that the Department of Homeland Security has issued an official warning against using Internet Explorer until the bug is patched up. The threat was explained in a bulletin from the DHS subgroup the United States Computer Emergency Readiness Team (US-CERT).



US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution.


US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.



The issue pertains to a vulnerability that allows malicious users to use specially crafted HTML documents like a webpage or HTML email to execute unauthorized code remotely. This gives the person attacking your system the same user rights as the current user, installing unwanted programs and stealing information. If the attacker manages to grab control of an Admin account the damage they can do is even more vast. For legacy Windows users this news is potentially devastating since the company ended support for Windows XP users on April 8.


Thankfully for a majority of Mac users the Internet Explorer loophole won't be an issue thanks to the host of alternative browsers available. Unless a Mac user has gone out of their way to download IE this shouldn't be an issue.


However, we know that sometimes there are people who are stuck in their ways and despite having switched over to Macs, they've stuck with IE. Others might have it installed for testing purposes. If you know a Mac user in this boat, or if you are said user, please stop using Internet Explorer immediately.





No comments:

Post a Comment