Recently security vendor FireEye publicly disclosed a vulnerability in all versions of Internet Explorer. Government security response teams urged users to rather use an alternative browser until a security fix was released. After Microsoft released the update this week, it”s no longer needed to use an alternative browser.
This high risk vulnerability, if exploited by an attacker, would allow him to gain the same user rights as the current user. The security breach could be achieved by an attacker hosting a specially crafted website that is designed to exploit this vulnerability through IE and then convince a user to view the website.
He would then entice the user the attacker enticing a user to view the attacker-controlled content by getting them to click a link in an e-mail or IM message or by opening an attachment in an e-mail.
Updating your Internet Explorer (versions 6, 7, 8, 9, 10 and 11) is critical on Windows clients. The security update addresses the vulnerability by modifying the way IE handles objects in its memory.
Microsoft has released update KB2964358 and KB2964444 to prevent this vulnerability. (More information on Microsoft’s security update can be found here.)
Campus assets running Microsoft Windows OS have the WSUS configuration installed, automatic updating enabled and users will not need to take any action. The security update will be downloaded and installed automatically.
FireEye noted that attacks rely on Flash and advised users to disable the Flash plugin in IE. Also always ensure that your antivirus software is current and updated regularly to avoid future security attacks.
SOURCE: http://www.zdnet.com en www.mirosoft.com
