Internet Explorer Users are Vulnerable to Attack
Is your computer at risk?
While IE will still come with Windows, older browser versions are being relegated to “legacy compatibility” duties. Internet Explorer now joins the long list of software security threats to businesses.
Internet Explorer Vulnerability Risks
Microsoft urges everyone to use Edge for its faster performance and improved features.
Are you still using Internet Explorer Version 6 to 11? If you have automatic updates turned off on your computer, here is what you need to know to ensure your computer is not at risk.
The Department of Homeland Security now recommends that PC users avoid using Internet Explorer until Microsoft releases a patch for a recently discovered vulnerability.
Microsoft previously warned Windows XP users would not be receiving a patch to this or any other vulnerability, but since then, they have made the surprising decision to issue an update through the Windows update function of the Windows Operating system.
This update was released to Windows operating systems (including Windows XP) – which Microsoft officially stopped supporting on April 8th of 2014.
Adrienne Hall, general manager with Microsoft’s Trustworthy Computing section stated, “Because the security flaw came to light so close to the end of Microsoft support of the still-popular operating system, the decision was made to aid consumers.”
She continued, “Of course, we’re proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade.”
Hall added, “This is why we’ve been encouraging Windows XP customers to upgrade to a modern, more secure operating system like Windows 7 or Windows 8.1”
What Are the Risks of this Vulnerability?
FireEye, a California based computer security company, first publicized the vulnerability after observing a known hacking group launching “spearfishing attacks” against some of their customers.
Darien Kindlund, Director of threat research, stated the attacks appeared to focus on industrial espionage, targeting intellectual property or corporate secrets.
To carry out the attack, someone in the targeted company would receive an email. This email would include a link to a website the hackers controlled. The victim would click on the link to visit a page that would compromise their system.
Although this particular group was not interested in the computers of regular consumers, the computer code necessary to carry out these types of attacks may be dispersed to less sophisticated hacker groups looking to steal credit card information.
Microsoft released its patch quickly, so this does not appear to have taken place, but your computer may still be at risk if you Microsoft’s automatic update feature has been turned off on your PC.
What Can You Do to Ensure Your Computer (and Network) Are Not at Risk?
If you do not have Windows Updates enabled, be sure to turn automatic updates on, update your system manually or contact Ontech Systems for assistance in updating your system.
To allow updates, click on the “Check for Updates” button on the Windows update portion of the Control Panel as shown below.
Still using Windows XP?
As Microsoft previously warned, threats like this will continue to take place since the company has publicly stated they are discontinuing support of the Microsoft XP operating system as of April 8th, 2014.
Ontech Systems can provide you with cost-effective solutions to avoid these unnecessary risks.
We are featuring a new line of Business Desktops and servers from HP along with Lenovo’s latest line of ThinkPad laptops to replace Windows XP desktops and laptops.
If you have questions about this threat or you are concerned, your network may be at risk, call our office today at (262) 522-8560; contact us online for more information or request a free Network Discovery.
Or, learn more about what's included in a Network Security Assessment here.
Schedule a network security assessment
When you request a security assessment below, we'll contact you to schedule a complementary introductory meeting to discuss the details of the assessment and how we can best assist you.
*This security analysis is not all encompassing. However, the results of this analysis may prompt additional recommendations that are more focused on specific aspects of your environment. EX: PCI & HIPAA audits, in-depth anti-virus testing, firewall/router audit, etc.