Microsoft released a patch this morning to update Internet Explorer and resolve the “Operation Clandestine Fox” vulnerability. Windows is including XP in this round of updates, allowing our practices some more time to make the transition to Windows 7.
The Windows Update should automatically apply to most computers overnight – however you may see a prompt show up in the task bar (pictured below). Please make sure to click on this and run Windows Update prior to using Internet Explorer. If you would like to apply the update now, it is also available in the control panel under the item titled “Windows Update.” This update will require a reboot, so save all work before applying it!
Original Post: 4/29/2014
This past Saturday, Microsoft announced a Zero-Day vulnerability present in Internet Explorer versions six through eleven. These versions represent all currently used Internet Explorer browsers, and are present on all Windows desktops. The vulnerability, dubbed “Operation Clandestine Fox” by the security firm that discovered it, takes advantage of the Adobe Flash plugin to gain access to the computer. From there, hackers can remotely control the desktop, execute code, install malware, and a variety of other nefarious activities.
The recommended approach to protect yourself from this vulnerability is to use a different browser until Microsoft has a chance to patch Internet Explorer. Mozilla Firefox or Google Chrome are both safe browsers to use for now. Some business applications or sites require Internet Explorer’s architecture. In this case, we recommend accessing only these specific applications in Internet Explorer, while using a different browser for all other sites.
Once a solution is discovered, Microsoft will only be patching its supported systems: Windows Vista and above. This will leave Windows XP systems unpatched and vulnerable. We highly encourage replacement or repurposing of all XP systems to remove them from the external environment. If you have XP systems in your infrastructure, please give us a call so we can develop a plan to maintain the security of your network.
Please do not hesitate to contact us via phone or email if you have any questions or concerns. We consider the security of our clients to be of the highest priority, and are available if you or any other staff need help addressing this issue.