As seen in the news Microsoft has disclosed that there is a significant security vulnerability in Internet Explorer.

Here is a link describing the vulnerability in depth: http://www.zdnet.com/microsoft-discloses-zero-day-in-all-versions-of-internet-explorer-7000028803/

The important takeaways are that Microsoft has not released a patch for the vulnerability at this time and the vulnerability is already being exploited in limited attacks. It is a serious enough issue that the Dept of Homeland Security has released an advisory recommending that people not use Internet Explorer until it is patched. Also, since Windows XP is no longer supported by Microsoft they will not be releasing a patch for XP.

Most networks should have several layers of protection to mitigate exposure to the vulnerability. First thing to note is that a user will have to open a website that exposes the vulnerability in order for their PC to be attacked. A user would not be exposed simply by using Internet Explorer on legitimate websites. The most common attack vector will likely be phishing attempts sent via email that will try to trick users into clicking links to open a website with IE which would then expose the vulnerability. Tier1net’s McAfee Antispam/Antivirus service would quarantine those emails as spam, and/or modify the URL to pass it through its ClickProtect proxy. So, even if the user clicked the link and opened it with IE, McAfee should block the URL from loading within the browser.

All that being said, Tier1net recommends that Chrome or Firefox be used in place of Internet Explorer until a patch is released. Regarding Windows XP, since the patch will not be made available to XP PCs, Tier1net suggests installing Google Chrome on all XP PCs and setting it as the default browser. Tier1net’s Managed IT customers can have this process fully automated with no disruption to end users.

As always please contact Tier1net Support should you have any questions or concerns relating to this issue.