Internet Explorer Security Update

  • 1

Internet Explorer security alertYou may have recently been made aware of a potential Internet Explorer security threat affecting users of Microsoft’s Internet Explorer (IE), versions 6-11. At the time of this publication, Microsoft has not released information about a patch that will remove this threat but they have confirmed that browsers currently running on Windows XP will not be included in the patch when it is released. This decision is in line with the recent 4/18/14 deadline that passed where Microsoft no longer supports their XP operating system.

All Cloud9 Real Time servers run on Windows Server 2008 R2 or newer, which are included in verbiage directly from the Microsoft Security Advisory notice that states:

“By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability”

With this information regarding our infrastructure operations  confirmed, we would like to focus on presenting best practices for individual users to minimize the risk of potential vulnerability.

Please make sure you are not saving any of your login credentials on your browser. A step-by step list of deleting your passwords can be found below:

1.       Open Internet Explorer

2.       Select the “Cog” symbol in the upper right-hand corner of the screen and then select Internet Options.

3.       Under the Browsing History section, select Delete.

4.       Make sure that the box next to Passwords is checked, and then select Delete.

**Please be sure that you are reviewing the other categories listed on this window and checking/unchecking them before selecting Delete, as you may unintentionally delete other types of browsing history.

Only trust known and credentialed sources. A general best practice for safe internet use is to ensure that you are not clicking on any links,  visiting any websites, or opening any email from unknown or suspicious sources, and we encourage you to make this a routine practice to minimize potential vulnerability.

For more technical information about the nature of the threat, you will find links below to the official posts from Microsoft, FireEye and the US-CERT:

Microsoft Security Advisor 2963983: https://technet.microsoft.com/en-US/library/security/2963983

FireEye Blog Post: http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

US-CERT Alert: http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

AUTHOR

Sarah Gardiner

All stories by: Sarah Gardiner