April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
DHS advises computer users to temporarily consider an alternate to Microsoft’s Internet Explorer
On the heels of the Heartbleed security bug, Microsoft Corp. is scrambling to fix a bug affecting the widely used Internet Explorer (IE) Web browser. The U.S. DHS is advising computer users to consider an alternate to IE until the security flaw is fixed.
The U.S. Computer Emergency Readiness Team (US-CERT), part of DHS, stated, “US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Exporer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.”
According to the US-CERT release, “By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code.” At this time there are no practical solutions, although Microsoft has released workarounds, which can be found at Microsoft Security Advisory 2963983.
Microsoft said in the advisory that the vulnerability could allow a hacker to take complete control of an affected system, and then do things such as viewing, changing, or deleting data; installing malicious programs; or creating accounts that would give hackers full user rights.
Earlier this month, Microsoft stopped providing security updates for Windows XP users. Those operating the 13 year old system will not be protected once Microsoft releases a solution.
In addition to possibly switching to an alternative web browser, US-CERT advised businesses to consider using a free Microsoft security tool known as EMET, or the Enhanced Mitigation Experience Toolkit, to thwart potential attacks. Security experts say EMET is helpful in warding off attacks, but businesses are sometimes reluctant to use it because it can cause systems to crash due to incompatibility with some software programs.