Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home CRM Systems Customer Service Contact Centers Business Intelligence More Topics...
Network Security
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Is Your Enterprise at Risk from IE Zero-Day Flaw?
Is Your Enterprise at Risk from IE Zero-Day Flaw?

By Jennifer LeClaire
April 30, 2014 10:29AM

Bookmark and Share
"The best advice is to ensure all systems have EMET (Microsoft's Enhanced Mitigation Experience Toolkit) deployed and that unnecessary browser add-ons are disabled. This should be part of an enterprise's standard security posture and shouldn't require extra cycles or last-minute deployment," said security researcher Tyler Reguly.
 



After announcing a zero-day vulnerability in Internet Explorer over the weekend, Microsoft has updated its advisory to make the workarounds more clear for enterprises affected. The good news is attacks in the wild only affect versions 9, 10 and 11.

First, let's review the danger. Microsoft reported that an attacker that successfully exploits this vulnerability -- which uses Adobe Flash as a way in -- could gain the same user rights as the computer's user.

"If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," Redmond said. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Microsoft suggested its Enhanced Protection Mode as a workaround. EPM is a feature found in IE 10 and 11 on 64-bit systems.

The update Tuesday to the weekend security advisory clarifies that EPM will help protect users of Internet Explorer 10 on Windows 7 for x64-based systems, Windows 8 for x64-based systems, and Windows RT, and Internet Explorer 11 on Windows 7 for x64-based systems, Windows 8.1 for x64-based systems, and Windows RT 8.1.

When Will the Madness End?

We caught up with Jeff Davis, vice president of engineering at security solutions firm Quarri Technologies, to get his take on the zero-day flaw. He told us browser vendors will never patch the "last vulnerability," and we'll probably always have to deal with new zero-day drive-by exploits from time to time.

"To give you an idea of the complexity of modern browsers, Chrome and Firefox each have more than 7 million lines of code and average more than 4,000 commits per month," said Davis. "Even if one of them spent three months doing a massive security audit, by the time they finished there would be 12,000 additional changes to review."

On top of that, Davis said, security audits don't pay the bills unless you're the auditor, so patching issues will always be to some extent a reactive process. Given all this, he concluded, purpose-built browser security solutions are a necessity these days for browsers that handle sensitive information.

Who's Most at Risk?

Tyler Reguly, manager of security research at security software firm Tripwire, told us many enterprises users don't have permissions to install alternatives to IE -- so it's gong to continue to be a target for attackers.

"People are overlooking Microsoft's mention of 'limited, targeted attacks.' Exploits for the vulnerability aren't widespread yet and may not become widespread before patches are released," Reguly said. (continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:



Get Powerful App Acceleration with Cisco. In a world where time is money, you need to accelerate the speed at which data moves through your data center. Cisco UCS Invicta delivers powerful, easy-to-manage application acceleration for data-intensive workloads. So you can make decisions faster and outpace the competition. Learn More.


 Network Security
1.   Tor Working To Fix Security Exploit
2.   Wall Street Journal Hacked Again
3.   Dropbox for Business Boosts Security
4.   Hackers Breached StubHub Accounts
5.   Banks Hit by Android-Skirting Malware


advertisement
Android SMS Worm on the Loose
Malware lets bad actors cash in.
Average Rating:
Tor Working To Fix Security Exploit
Bug reportedly reveals ID of users
Average Rating:
New Technology Defeats Privacy Efforts
Study identifies 3 browser techniques.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Contact Centers | Business Intelligence | Sales & Marketing | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.