Understand the Internet Explorer Security Vulnerability and Minimize Your Risk

You may have heard about a critical security vulnerability affecting Internet Explorer.  Our team at Acropolis would like to make you aware of the issue and provide recommendations as Microsoft and Acropolis work to remedy the issue.  Currently, we have no reports or evidence that any of our clients have been compromised, but security firms have detected this vulnerability has been exploited.  Therefore, we do recommend that your organization takes certain steps to minimize any risk.

The Issue:  Remote Code Execution Vulnerability

This problem is outlined in Microsoft Security Advisory 2963983.  In brief, the issue affects almost all versions of Internet Explorer, from version 6 through 11.  An attacker can setup a website that is designed to exploit this vulnerability, and then convince users to visit the website.  If executed, the attacker could execute any remote code in the user session.

Are My Computers at Risk?

Because the issue affects all versions of Internet Explorer, which is the default browser and one of the most popular, most computers are at risk.  The attack also relies on leveraging a popular plug-in for Internet browsers known as Adobe Flash.

Will There Be a Patch?

Microsoft is working on releasing a patch for supported versions of Windows (Vista, 7, and 8).  As soon as the patch is released and reviewed/tested by our Proactive Services Team, we will push it out to all of our managed clients.  Support for Windows XP ended on April 8, 2014.  Microsoft has not announced any patches for this version of Windows, and is unlikely to do so.  Therefore, if you are still running Windows XP you should upgrade as soon as possible.

What Can I Do While I Wait for the Patch?

If you already have another browser installed, such as Chrome, Firefox, or Safari, it is recommended that you use those browsers instead.  You can continue to use Internet Explorer for trusted sites or where required by your applications.  If you do not need to use the Adobe Flash plugin, you can disable it.  Also, if you are using Windows 7 or 8, with Internet Explorer 11, you can enable Enhanced Protected Mode.  Instructions for making these changes are listed below.  Acropolis may recommend additional workarounds as they are vetted.  If you have any questions about your options, please contact your VCIO or our service department.


Acropolis April 2014 Newsletter

Read More


Common Viruses and Healthy Habits to Avoid Them

Viruses are like the secret agents of the cyber world; always pretending to be something they are not in order to get information from you (spyware anyone?). To help you deal with these sneaky pests, we have compiled a list of ways to counter them, so you can be your very own cyberspy. However, first, let’s familiarize ourselves with a few types of viruses:

This is a pretty broad term for generic viruses used for different purposes by different users.  Whether it’s slowing down your system, causing random shutdowns, opening it up for other viruses to get in or just changing your screensaver to an angry baboon, they will usually use the tried and true methods to get them on your system. Run-of-the-mill methods can include pop-ups, unsolicited downloads, transference through and unsecured network etc.

Virus MO
The method here is in the name. It will tell you that your computer is infected with viruses and needs to be cleaned then ask for payment. In some cases it will falsely inform you that Windows XP needs to be renewed. It will then hold your computer ransom and ask for payment to resolve the issue. The issue of course will not be resolved and it will ask for payment again.

Virus MO
This one is a type of Ransomeware (or Cryptoviral Extortion) that, instead of lying about viruses infecting your computer it informs you of your aucticious internet crimes and that a $200 fee is due to the FBI and asks you to use a Moneypak or some other prepaid card. Since it doesn’t ask for information like a credit card that can be charged every month this will likely pop up again.

How to prevent them
1. Never give out your information.
By the time it says “give us your info”, red flags should be going off. Always be wary of unsolicited companies or software asking for your information.

2. Verify legitimacy of downloads
Whenever you are asked to download something always make sure it is legitimate software (e.g. if you want to play a video and it asks you to download the latest version of Adobe Flash Player, search Adobe and see if the site is the same as the one you are directed to).

3. Never allow pop ups unless you know what they are
You can set your browser options so as not to allow pop-ups and then allow them individually when you are expecting one that you know is safe. This will decrease your likelihood of contracting a virus by quite a bit.

4. Don’t connect to networks you don’t know
If it’s an unsecured network chances are you’d be better off waiting for something more secure.

5. Don’t plug anything in that isn’t yours or that you don’t know.
Usually viruses are distributed online but every now and then they go for old-fashioned methods. If you aren’t sure what is on a certain flash drive or external hard drive, don’t plug it in to your main workstation.

These rules don’t work as a universal remedy. There are plenty of ways to get a virus on a computer but these are the usual suspects. Just following these rules and precautions will cut down quite a bit on the viruses that you contract. Of course, if you are still worried you might have or get a computer virus, make sure to talk to your local IT professional. Many IT service providers have software and additional protocols in place to help prevent the contraction of viruses.

About the author: Josiah Branaman is a business professional at Endsight, an outsourced IT company serving the San Francisco and East Bay Area. His passions include podcasts, high modernist literature and a great cup of tea.