New vulnerability endangers all versions of Internet Explorer

    dsilver

    C-Forward is recommending that clients switch to another browser until a patch is made available.

    According to a confirmation by Microsoft late last night, a new zero day vulnerability has been found to affect every version of Internet Explorer. “Attacks taking advantage of the vulnerability are largely targeting IE versions 9, 10, and 11 in something called a “use after free” attack. Essentially, the attack corrupts data as soon as memory has been released, most likely after users have been lured to phony websites. Microsoft explains: “The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.” As part of this vulnerability, Microsoft is urging everyone to update their Adobe Flash player (which is being used to spread the threat).  “

    Please use the following site to check which version of Flash player you have, and what upgrade options are available: https://www.adobe.com/software/flash/about/ Microsoft is currently investigating the issue and will likely release an out-of-cycle security patch to take care of the problem. According to security firm Fire Eye, this means that about 26 percent of the entire browser market is at risk. NOTE: Be aware that the patch will NOT be available for machines that are using Windows XP – which presents an additional threat to your network.

    FOR MORE INFORMATION, OR IF YOU NEED ASSISTANCE WITH THIS, PLEASE CALL C-FORWARD @ 859-442-7877