Petronella Blog Archive


Security Alert: Hackers Exploiting Newly Discovered Flaw in Internet Explorer


Over the weekend, Microsoft revealed that there is a newly discovered security flaw in Internet Explorer that hackers are exploiting. It is called a “zero day” exploit because there was zero time between the discovery of the flaw and the first known exploits by hackers.

The flaw affects nearly half of all browsers used for accessing the web. Although the affected browsers include Internet Explorer versions 6 through 11, the primary targets, according to FireEye, the security firm that discovered the exploit, are versions 9 through 11.

Microsoft is investigating the flaw and has not yet issued a security patch. As a result, the United States Computer Emergency Readiness Team (US-CERT), which is part of the U.S. Department of Homeland Security, has recommended that users either 1) follow workarounds listed by Microsoft in a security advisory or 2) stop using Internet Explorer altogether until a patch is made available. For those still using Windows XP, no patch will be made available because Microsoft ended support for XP on April 8, 2014. If you use Windows XP, US-CERT advises using another web browser.

Use a Different Web Browser

Until Microsoft patches Internet Explorer, using a browser such as Google Chrome or Mozilla Firefox can keep you safe from this particular security flaw.

Don’t Click On Suspicious Email or Chat Links

This is a general best practice, not just for this flaw. This vulnerability only works if the hackers can get you to click on an infected page they’ve set up. These contaminated links might make their way to you via email messages or chat messages that seem legit. If someone forwards you an email or initiates a chat with a link in it, call them on the phone and ask them if they really sent it. This accomplishes two things: One, you can make sure you’re not being tricked. Two, it’ll make that person think twice about forwarding you an email or trying to chat with you ever again. The less time you spend dealing with forwarded emails and chat conversations, the more time you’ll have to spend with your family.

Download and Install This Microsoft Toolkit

I know that I just advised you not to click on mysterious links, but click on this mysterious link and install this program. It’ll automatically protect Internet Explorer and “make the vulnerability harder to exploit,” according to Microsoft. Notice that Microsoft didn’t say that this is the cure and it would be impossible for a hacker to exploit.

Ramp Up Your Internet Explorer Security Settings

If you don’t want to use a different browser until this gets patched, you can increase Internet Explorer’s security level instead. Take note that increasing the security level could impact the performance on certain sites, especially those containing interactive elements. This should be a last resort. Use Chrome or Firefox first if you can. You may enjoy the performance increase.

Here’s Microsoft’s how-to:

“To raise the browsing security level in Internet Explorer, perform the following steps:

1. On the Internet Explorer Tools menu, click Internet Options.
2. In the Internet Options dialog box, click the Security tab, and then click Internet.
3. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
4. Click Local intranet.
5. Under Security level for this zone, move the slider to High. This sets the security level for all websites you visit to High.
6. Click OK to accept the changes and return to Internet Explorer.

Note: If no slider is visible, click Default Level, and then move the slider to High.”

Caution: The above security settings may make certain websites not work properly. In this case, you will have to contact those vendors to find alternative settings with a balance of security and functionality.
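To confirm the slider change took effect for the Internet and Local intranet zones, the per-user zone settings can be read back from the registry. The script below is an added example, not part of Microsoft's how-to or this post; it assumes the zones are not overridden by Group Policy and reads only the current user's settings, and the helper names `Resolve-Value` and `Get-IEZoneAudit` are hypothetical.

```powershell
# Added example: read-only audit of the current user's IE zone settings.
# Assumption: zones are not overridden by Group Policy; only HKCU is read.
$ZonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones  = @{ 1 = 'Local intranet'; 3 = 'Internet' }        # the two zones in the steps above
$Levels = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
             0x11500 = 'Medium-high'; 0x12000 = 'High'; 0 = 'Custom' }
$Policy = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }   # URL action values

# Translate a raw DWORD into its label; show hex for values not in the map.
function Resolve-Value($map, $value) {
    if ($null -eq $value) { return 'not set' }
    if ($map.ContainsKey([int]$value)) { return $map[[int]$value] }
    return ('0x{0:X}' -f $value)
}

function Get-IEZoneAudit {
    foreach ($id in ($Zones.Keys | Sort-Object)) {
        $props = Get-ItemProperty -Path (Join-Path $ZonesRoot $id) -ErrorAction SilentlyContinue
        if (-not $props) {
            [pscustomobject]@{ Zone = $Zones[$id]; Level = 'key not found'
                               ActiveX = $null; Scripting = $null; AtHigh = $false }
            continue
        }
        $level     = $props.CurrentLevel   # slider position
        $activeX   = $props.'1200'         # Run ActiveX controls and plug-ins
        $scripting = $props.'1400'         # Active scripting
        [pscustomobject]@{
            Zone      = $Zones[$id]
            Level     = Resolve-Value $Levels $level
            ActiveX   = Resolve-Value $Policy $activeX
            Scripting = Resolve-Value $Policy $scripting
            # High means the slider is at High and both actions are disabled.
            AtHigh    = ($level -eq 0x12000) -and ($activeX -eq 3) -and ($scripting -eq 3)
        }
    }
}

Get-IEZoneAudit | Format-Table -AutoSize
```

A zone that still shows `AtHigh` as False after the steps above usually has custom settings or is managed centrally, which this per-user check does not cover.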

Bonus Tip: If you’re using Internet Explorer on Windows XP, the chances that this issue’s going to get fixed are pretty slim. Microsoft dropped support for XP earlier this month, which means any security fix that’s issued for one of Microsoft’s newer operating systems won’t make its way to Windows XP. If you insist on using XP, use a different browser like Chrome or Firefox for everything and pray that neither of those browsers suffers a serious setback such as this in the future. Microsoft details a few other tips here.

Please contact us with any questions regarding this security issue.


Craig Petronella / President
Petronella Technology Group, Inc.
5540 Centerview Dr., Suite 200
Raleigh, NC 27606