Alert: Microsoft Internet Explorer Vulnerability

posted 5/1/2014 in General

For those of us who use the Internet, the past few weeks have been full of news about bugs and vulnerabilities that have caused panic and uncertainty. The OpenSSL Heartbleed bug took the Internet by storm a few weeks ago, and now Microsoft has released information about another serious vulnerability impacting ALL versions of Internet Explorer (IE6-IE11).

This vulnerability was disclosed in Security Advisory 2963983. In the advisory, Microsoft explains what may happen to those using IE6-IE11:

The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

What Should You Do if You Use Internet Explorer?

The U.S. Computer Emergency Readiness Team (US-CERT) issued a statement advising users to follow recommended workarounds provided by Microsoft, or consider employing an alternate browser until Microsoft fixes this critical vulnerability. The workarounds published by Microsoft are setting or configuration changes that do not correct the underlying issue, but instead MAY help block known attack vectors until a security update is available.

  • Set Internet and Local intranet security zone settings to "High"
  • Configure Internet Explorer to disable Active Scripting in the Internet and Local intranet security zones
  • Deploy Microsoft's Enhanced Mitigation Experience Toolkit
  • Enable Enhanced Protected Mode For Internet Explorer 10/11

For more details on Microsoft’s suggested workarounds, please visit: https://technet.microsoft.com/en-US/library/security/2963983%23ID0EUFAC 
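
To confirm that the first two workarounds are actually in place on a machine, the read-only check below can be run as the logged-in user. It is an added example, not part of Microsoft's advisory or the original post; the function name is hypothetical, and the registry layout (zone 1 = Local intranet, zone 3 = Internet, value 1400 = Active Scripting, CurrentLevel 0x12000 = High) is the standard Internet Explorer zone layout documented by Microsoft.

```powershell
# Added example: audits the current user's IE security zones against the
# "High" zone level and "disable Active Scripting" workarounds. Read-only.
# Assumption: settings are per-user (HKCU). Zones managed by Group Policy are
# stored under the Policies hive and are not read by this script.
$base  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones = [ordered]@{ '1' = 'Local intranet'; '3' = 'Internet' }

function Get-IEZoneWorkaroundStatus {   # hypothetical helper name
    param([string]$ZoneId, [string]$ZoneName)

    $props     = Get-ItemProperty -Path (Join-Path $base $ZoneId) -ErrorAction SilentlyContinue
    $scripting = $props.'1400'        # 0 = enable, 1 = prompt, 3 = disable
    $level     = $props.CurrentLevel  # 0x12000 = High template, 0 = custom

    # A missing key or value is reported as 'not set' rather than treated as safe.
    $scriptingState = 'not set'
    if     ($scripting -eq 0) { $scriptingState = 'enabled' }
    elseif ($scripting -eq 1) { $scriptingState = 'prompt' }
    elseif ($scripting -eq 3) { $scriptingState = 'disabled' }

    $isHigh = ($level -eq 0x12000)

    [pscustomobject]@{
        Zone            = $ZoneName
        ActiveScripting = $scriptingState
        HighTemplate    = $isHigh
        # Either workaround counts: zone at High, or Active Scripting disabled.
        WorkaroundMet   = ($isHigh -or ($scripting -eq 3))
    }
}

$report = foreach ($id in $zones.Keys) {
    Get-IEZoneWorkaroundStatus -ZoneId $id -ZoneName $zones[$id]
}
$report | Format-Table -AutoSize

# Non-zero exit code lets a login script or management tool flag the machine.
if ($report.WorkaroundMet -contains $false) { exit 1 }
```

A zone that shows "prompt" or "not set" for Active Scripting and is not at the High level is reported as not meeting the workaround.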
