Critical Vulnerability in Internet Explorer
On March 1, 2010, Microsoft reported a critical vulnerability in Internet Explorer that could allow an attacker to take complete control of an affected system. As of March 16, 2010, no patches are available for this vulnerability. Exploitation may occur if a user visits, or is redirected to, a web page that is specifically crafted to take advantage of this vulnerability. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Proof-of-concept code for exploiting this vulnerability is publicly available on the Internet. Users should install the appropriate Microsoft patch as soon as it becomes available. In the interim, users can take the following precautions:
- Use an alternate browser such as Firefox (Mozilla), Safari (Apple) or Chrome (Google). These are available as a free download. Be sure you are using a fully patched version and that you have "Auto Update" enabled for these browsers. Note: A security patch for Safari was released by Apple on March 11, 2010.
If this is not feasible:
- Log in as a non-privileged user (one without administrative privileges) when browsing the Internet to diminish the effects of a successful attack.
- Be sure that your computer is configured to install the appropriate vendor patch as soon as it becomes available. If your Windows system is set to "Auto Update," no action is required as your system will be updated when the patch is available and you connect to the Internet. If you do not have "Auto Update" enabled, go to Settings/Control Panel/Auto Update and follow the instructions to have patches/updates applied automatically.
- As always, do not visit untrusted websites or follow links provided by unknown or untrusted sources.

