WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

New Internet Explorer vulnerability requires immediate action

Exploits of serious vulnerability likely to increase; IE users need to make settings changes or use an alternative browser.

Microsoft has issued Security Advisory 2963983 about a new and potentially serious vulnerability in Internet Explorer. This was reported by FireEye and is currently under investigation.

The vulnerability is a ‘use-after-free’ memory corruption and the exploit observed seems to target IE9, IE10 and IE11, says Microsoft.

Key points from Microsoft’s warning include:

  • The exploit requires the presence of VML and Flash IE components;
  • Enabling EMET protection prevents vulnerability activation.

Click here for the latest information and mitigation instructions.

ADVICE FROM US-CERT

US-CERT recommends that users and administrators review the Microsoft Security Advisory for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.

ADVICE FROM ENISA

ENISA says that this is a serious zero-day attack which is a significant threat for IE users as there is no quick fix to repair, and patch it.

Users who want to avoid the risk should temporarily use another browser until this security gap has been fixed. If this is not possible, IE users should ensure that EMET 4.1 or 5.0 is installed and that all mitigations are enabled and that VML and Flash are disabled.

Enhanced protection mode in IE should be activated. EPM was introduced in IE10

One of the biggest problems with this vulnerability is that the Windows XP users will be exposed since no patch will be released for XP.

•Date: 30th April 2014 •World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.
   

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here