Security flaw hits Internet Explorer

June 4, 2014 

For many businesses, the browser is one of the most important pieces of software the computer. It not only provides access to the Internet, but also to myriad other systems, including email and documents. Many Windows users stick with Internet Explorer, automatically installed on all Windows computers. However, those who use this browser should be aware of a recent security flaw.

A zero-day flaw is a security vulnerability that hakers use the day it's discovered. In other words, there are zero days between the discovery of the vulnerability and people tak

ing advantage of it.

The way most software programs work is if a user finds a security flaw, they typically inform the developer who will then develop a fix and release it in a patch that users download. The problem is, sometimes it is a hacker who discovers this vulnerability.

Instead of reporting it, they start to capitalize on the flaw, exploiting it to attack other users before the developer has a chance to fix it.

The IE zero-day flaw

In late April, news broke that a zero-day flaw had been discovered in Internet Explorer's code. The flaw affects IE versions 6-11 -- essentially every supported version of the browser. Hackers found a previously unknown flaw that allowed them to gain the same access rights as a user.

Hackers sent emails to users with links to a website that hosts a malicious code. These emails were largely phishing in nature, meaning they aimed to get the user to click on a link in the email. Some of the subject lines used in attacks included:

• Welcome to Projectmates!

• Refinance Report

• What's ahead for Senior Care M&A

• UPDATED GALLERY for 2014 Calendar Submissions

In these emails there was a link to a website that hosted a code which could be executed if the user visited the site using IE. When executed this could potentially expose the user's system. Once vulnerable, the hackers could install malicious software without the user's knowledge.

Guard against this exploit

The good news is that Microsoft has released a patch that fixes this exploit. Microsoft has actually released the update for XP users as well -- this coming after the cessation of support for XP.

To guard against the exploit, update Internet Explorer. The easiest way to do this is to go to the Internet Explorer website and download the latest version -- version 11 -- of the browser. Version 11 can run on both Windows 7 and 8, so the vast majority of users should already be running this latest version.

If you are using an older version, Microsoft has pushed the patch out via both IE's automatic update feature -- so restarting the browser should install the update. The other option is Windows Update. Simply running the Update program and installing the updates should ensure that the latest version of IE is installed.

For Windows 7 and 8 users, you can do this by:

• Open the Control Panel on your system.

• Click on System or Performance and Maintenance followed by System.

• Select Automatic Updates from the menu.

• Following the instructions in the new window.

Once installed, you should restart your computer if you aren't asked to do so. If you noticed that Automatic Updates was already ticked, try restarting your computer and this should install the updates.

If you are using XP, you can visit the Microsoft Update website using Internet Explorer and following the instructions.

Aside from updating your browser, you should ensure that your anti-virus and malware scanners are up to date and scheduled to scan your system on a regular basis. Be sure to look at all emails closely as well, if one seems a bit dodgy, or you receive one from someone you don't know, it is best to delete it right away.

Businesses using XP should seriously consider updating because Microsoft will not be introduce security updates in the future, leaving your systems at greater risk of attack. It may also be a good idea to switch to another browser like Firefox or Chrome, both of which will work on XP and are updated regularly.

David Spire, president and CEO of United Systems, holds an MBA degree as well as multiple technical professional certifications. He can be reached at 941-721-6423 or by email at david.spire@uscomputergroup.com.

Bradenton Herald is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service