How to Protect your Business from the Internet Explorer Zero Day Flaw
What is the IE Zero Day Flaw?
Over the weekend, Microsoft revealed that there is a newly discovered security flaw in Internet Explorer that allows hackers to take over your computer. It is called a “zero day” exploit because there was zero time between the discovery of the flaw and the first known exploits by hackers.
Basically, Microsoft screwed up big-time and has given us yet another reason why we shouldn’t use their internet browser. Bottom line: switch to Google Chrome, Firefox, or Safari.
Who is affected by the IE Zero Day Flaw?
The flaw affects nearly half of all browsers used for accessing the web. Although the affected browsers include Internet Explorer versions 6 through 11, the primary targets, according to FireEye, the security firm that discovered the exploit, are versions 9 through 11.
How does the IE Zero Day Flaw affect businesses?
Security flaws affect businesses in the following 3 ways:
- They risk your client’s information as well as your own in being exposed (this includes financial and proprietary information)
- They are huge headaches and time sink for your business unless you have great automated processes in place to implement fixes
- It creates a paranoia for potential customers doing business with you and can shy away sales of those that think you are affected
How to protect your business from the IE Zero Day Flaw
Microsoft is investigating the flaw and has not yet issued a security patch. As a result, the United States Computer Emergency Readiness Team (US-CERT), which is part of the U.S. Department for Homeland Security, has recommended that users and businesses stop using Internet Explorer until a patch has come out. We agree.
Short term fixes:
- Stop using Internet Explorer altogether until a patch is made available
- Use an alternative browsers such as Google Chrome, Mozilla Firefox or Apple Safari
If you must use Internet Explorer…
- Follow workarounds listed by Microsoft in a security advisory
- Disable Adobe Flash plugin
- “Turn on Enhanced Protect Mode”
Long Term Solution:
Install Security Patch for Windows 7 and Windows 8 released by Microsoft.
For those still using Windows XP, no patch will be made available because Microsoft ended support for XP on April 8, 2014. If you use Windows XP, US-CERT advises using another web browser.
If you are on Windows XP…
You have 3 options
- Don’t use Internet Explorer
- Pay Microsoft minimum $200/computer for support ($500/computer in year 2 of support)
- Upgrade Windows XP to Windows 7 or Windows 8
Speak to your IT department or service provider about your options.
We at Spot Migration recommend getting on to Windows 7 (or higher) as soon as possible or face even more threats and higher risk of downtime as time goes on.