Over the weekend, Microsoft publicly released information pertaining to a security vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability would allow an attacker to host a website that contains a webpage that is used to exploit this vulnerability.
In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker has no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.
Given that there are some fairly easy work around’s for this vulnerability we see this as a lower risk vulnerability, but a widespread and a vulnerability none the less, if your organization is highly risk adverse we can discuss with you steps we can take to mitigate the vulnerability before it is patched. Workarounds are listed below.
Use a Browser other than Internet explorer until Microsoft issues a patch. Chrome and Firefox are good alternatives.
Be careful with and aware of the links you are clicking on. If an email looks suspicious it probably is and don’t click the links. Be careful of the sites you visit. The easiest way to stop anything like this is with the end user.
If you have questions or concerns, please let Sovran know as we are happy to assist and discuss this with you further, and implement some of the more in depth workarounds if needed for your environment.
Learn more about what Sovran can do for your business.
Call us today(651)686-0515
2915 Commers Drive Suite 100 Eagan, Minnesota 55121-2361