Just as you were patting yourself on the back for changing all your passwords after the Heartbleed scare, the next red flag went up. This time, a threat was being delivered as a web link emailed to unsuspecting recipients, with damages executed via the Internet Explorer browser.
On April 26, 2014, news outlets began reporting the vulnerability in all versions of Internet Explorer. As explained by Microsoft, “The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
There have been only very limited reports of this vulnerability being exploited by hackers. Because most of the targets of this attack were corporate entities, those affected may have been hesitant to report damages. The threat was deemed so serious, however, that even the Department of Homeland Security warned the public not to use the browser until the issue had been addressed.
Microsoft quickly released a workaround solution, and in a surprise move, announced on May 1 that they would also provide an update for all versions of Windows XP, even though support for the obsolete operating system officially ended April 08, 2014.
With new threats popping up all the time, what’s a computer user to do? We have a few recommendations.
One of the best ways you can avoid many vulnerabilities is to not open links or attachments in emails if you are not certain the source is legitimate.
If you maintain your own computer system, make sure your virus protection and security software is current and properly configured.
You also need to be alert and ready to act. In March, we gave you several news sources that can help you keep up on the latest tech news. Following these sources online may give you the fastest access to information. (You can find the March article in the “news and articles” link on the Company page at TekTegrity.com.)
If your IT is managed by a service provider, make sure you understand what level of service they provide in these situations. At TekTegrity, we employ security measures that greatly reduce risks for our clients. When a previously unidentified risk presents itself, our team is ready to deploy remedies as soon as they remain available. IT service providers often resolve issues before users are even aware of potential problems.
If you are still using the Windows XP operating system, keep in mind that is considered “end of life” and no longer supported by Microsoft. That means Microsoft will not develop patches for future issues. If you are currently using the XP operating system, you can consider this final update your one and only “get out of jail free” card. From now on, the only safe solution for a computer that is still on XP is to replace it with a computer running a current version of Windows.
Computer users will never be 100% safe from threats. There will always be increasing levels of sophistication among both security experts and those who benefit from finding and exploiting vulnerabilities. Make sure your IT system has the protections and plans in place to dodge the danger and minimize damage.
Russ Levanway is the CEO of TekTegrity, an IT Managed Services Provider serving the Central Coast and Central Valley. The organization’s Total Systems Management™ (TSM) service model provides preventative IT support at fixed monthly fee levels. For more information, visit www.tektegrity.com.