If you’re currently using Internet Explorer, pay close attention to this news: On January 17, the US Computer Emergency Readiness Team tweeted out a warning regarding a vulnerability within the browser. First discovered by Chinese research team Qihoo 3600, the flaw relates to how Internet Explorer handles memory. Microsoft has confirmed the problem, although the appropriate patch has not yet been released.
For now, the danger might be mostly theoretical. A hacker could utilize the flaw to remotely run malicious code on affected computers, but we currently are not aware of any active, ongoing threats. Neither Qihoo 3600 nor Microsoft have discovered which hackers might be exploiting the security flaw, or what type of target they might seek.
But, because the security flaw does appear to be significant enough to warrant mention, the US Cybersecurity and Infrastructure Security Agency (CISA) also released an official statement:
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC’s Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.”
All supported versions of Windows are potentially vulnerable to the newly-discovered flaw, including Windows 7 which is no longer receiving updates.
Microsoft is working on a security patch to fix the issue, although it probably won’t be ready until their next round of fixes is released on February 11.
Until then, Explorer users have a few options. First, you should be updating from Windows 7 to a newer version anyway, so go ahead and do that if you’re still using the outdated software. But since even the supported versions of Windows won’t be receiving a security patch until February, extra caution is advised. Using a different browser could also be a viable option for many. Make sure your firewall and anti-virus program are both up to date, and review safe browsing protocol with employees.
Again, the threat at this time is minimal and mostly theoretical. But this event serves as a good reminder to stay on top of security patches, and install them as soon as they are released. For more information, feel free to call us at 888-RING-MY-TECH and we’ll be happy to assist you.