On Sunday, Microsoft issued a warning about a vulnerability in Internet Explorer (IE) versions 6-11. The US Government and European governments have issued other alerts advising users not to use IE until the issue is resolved.

This note is intended to provide a high-level summary of the risk and what the impact may be to you or your company’s systems. For an in-depth technical summary, please contact our office.

What is the issue?

The vulnerability exposes users to active attacks that attempt to exploit a previously unknown security flaw in every supported version of IE. The vulnerability could be used to silently install malicious software, typically when the user visits a malicious (or hacked) website.

Has the vulnerability been fixed?

Not yet. Microsoft is working on a fix. In the meantime, Microsoft has recommended users download and install a new version (4.1) of its Enhanced Mitigation Experience Toolkit (EMET) that will strengthen the security of Internet Explorer. Another option, although not mentioned by Microsoft for obvious reasons, is to use an alternate browser such as Google Chrome.

What if I am still running Windows XP?

Unfortunately, the latest enhancements in EMET version 4.1 do not fully work with Windows XP. A key priority would be to move to a different operating system such as Windows 7, Windows 8 or Apple OS X. In the meantime, we would recommend users install the latest version of Google’s Chrome browser, which does not have that vulnerability. If you need assistance with either mitigation method, please submit a support ticket by sending an e-mail to support@interphasesystems.com.

How else can I limit my risk?

Security firm FireEye has recommended that users turn on something called “Enhanced Protected Mode” inside Internet Explorer under “Options” in IE10 and IE11. Unfortunately, although EMET is relatively easy for a technical person to set up, the average end user might find it daunting.

We also recommend that users not run their PCs while logged in as an “Administrator” level user and instead create a “Standard” or “Limited” user account and only use an Administrator account for installations and system changes. That will limit the ability of any malware to install itself on the user’s PC.

Closing Remarks

We hope you find this high-level summary useful. While this is a significant vulnerability, we are hopeful Microsoft will have a more comprehensive fix in place in a few days. If you would like assistance in assessing your firm’s vulnerability or mitigating the threat, please call us at 610-276-5500 to schedule an appointment or send an email to support@interphasesystems.com.