Security Advice: Microsoft IE – Zero-day flaw

The following information was emailed to our clients on Friday morning, 2nd May 2014:

Please be aware, if you have not already heard, that a new zero-day flaw has been discovered that affects all versions of Internet Explorer from version 6 upwards.

This zero-day exploit (officially designated CVE-2014-1776) allows hackers to access memory data on a user’s computer and potentially even install and delete programs if the user has sufficient rights. Users may be affected by something as simple as clicking on a malicious link in an email or on a website.

The flaw is rated Critical, the most severe rating in Microsoft’s security categories.

Microsoft has issued a patch, which is downloaded automatically on computers set to receive automatic updates from Microsoft. Users who do not receive automatic updates are advised to install it manually immediately.

In the meantime, please note our recommendations below, several of which relate to best practices and not just this issue:

1) Avoid using Internet Explorer for general browsing until a fix is released. Switch to using either Google Chrome or Firefox instead.
2) Further to (1) above, if you have work-related sites that require IE in order to function correctly, restrict your usage of IE to those sites only, as long as you are comfortable that those sites are safe.
3) Keep your antivirus / antimalware software current and up to date.
4) Be very, very aware of links on websites AND in emails. If in any doubt, don’t click it! Even if you are using another browser in the meantime, if IE remains the default browser on your computer, clicking on a malicious link will automatically launch IE and infect your PC.
5) Avoid giving users Administrative rights to the systems and the network where possible. Though this should be the norm, too often have we seen well-meaning local administrators infect their networks because they automatically enter administrative credentials whenever prompted by the systems without any further thought.
6) Microsoft also advises users to set their IE Security Settings to High, though this can cause issues with some websites and web functionality.

Windows XP users: As forewarned in the months leading up to April 8th when all support for Windows XP officially ended, Windows XP users will start becoming more and more at risk as more security issues come to light in the future. However, Microsoft is making an exception in this case and will also push the update to Windows XP.
