Contrary to our previous assertion, Internet Explorer hasn’t finished with us yet. According to Microsoft Security Bulletin MS15-093, a memory corruption vulnerability “could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.” This roughly translates to “your administrative privileges just transferred to Mr. Hacker over at remote location 3.” Corrupt memory allows a hacker to take complete control of a computer with all the privileges of a user (so if you aren’t an administrator, things are slightly less painful for you. Not much, but sometimes beggars can’t be choosers).
While Microsoft Edge, which shipped with Windows 10 in addition to Internet Explorer, doesn’t have this vulnerability, all supported versions of IE (7 to 11) are susceptible to attack and should be updated as soon as possible to prevent breaches. Microsoft considers the update critical and strongly advises immediate update as all Windows operating system versions are affected. On the upside, the only way for the vulnerability to be exploited is the user clicking on the wrong thing, so if you stay away from email attachments you aren’t expecting and all internet browsing, it might be possible to avoid the problem. Not advisable, but possible.
To update, go to the Start menu in Windows, click All Programs, and click Windows Updates. The update will be there and available. Likewise, you can also go directly to Microsoft’s site and download the patch from there.
As always, Micro Visions’ Securelink Managed Services clients do not need to take any action. We have already pushed through the update to your system to prevent this issue.
If you are not a Securelink client and would like to learn more about our proactive managed services, please contact us today.