Internet Explorer Bug Poses Latest Cybersecurity Threat
In the latest news coming out of the security world, Internet Explorer has been found to have a serious bug that could give hackers access to your PC. The vulnerability, known as CVE-2014-1776, affects IE versions 6 through 11 and could allow a hacker to mirror your rights as a user – and more importantly, as an administrator.
According to PC World, “that means a successful attacker who infects a PC running as administrator would have a wide variety of attack open to them such as installing more malware on the system, creating new user accounts, and changing or deleting data stored on the target PC. Most Windows users run their PCs under an administrator account.”
The bug is serious enough that the U.S. Department of Homeland Security is recommending Internet users rely on other browsers until an IE update is available. The bug is particularly distressing for Windows XP users still remaining after Microsoft discontinued support for XP earlier this month.
It was widely predicted that XP’s end-of-life would be an opportunity for hackers to exploit the OS, since security updates are no longer being pushed to users.
On a separate note, Microsoft also announced an update to Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10 and Internet Explorer 11. Read the complete Microsoft Security Advisory HERE.
Microsoft recommends that customers apply the current update immediately using update management software, or by checking for updates using the Microsoft Update service.
Despite some confusion, the Adobe update DOES NOT remedy the wider IE browser issue; the two issues are completely separate. Eze Castle Integration – and the wider technology community – are recommending that firms use other Internet browsers (e.g. Mozilla Firefox, Google Chrome, etc.) until an official patch has been released to combat this latest cybersecurity threat.
For more information on cybersecurity threats to investment firms, check out some of our latest resources:
Whitepaper: Critical Cybersecurity Threats & How to Prepare in 2014
Article: SEC Outlines Cybersecurity Questions, Sets Magic Number at 50
Article: Microsoft XP Extends Antimalware Support, Cybersecurity Concerns
Photo Credit: Wikimedia