Understand the Internet Explorer Security Vulnerability and Minimize Your Risk

You may have heard about a critical security vulnerability affecting Internet Explorer.  Our team at Acropolis would like to make you aware of the issue and provide recommendations as Microsoft and Acropolis work to remedy the issue.  Currently, we have no reports or evidence that any of our clients have been compromised, but security firms have detected this vulnerability has been exploited.  Therefore, we do recommend that your organization takes certain steps to minimize any risk.

The Issue:  Remote Code Execution Vulnerability

This problem is outlined in Microsoft Security Advisory 2963983.  In brief, the issue affects almost all versions of Internet Explorer, from version 6 through 11.  An attacker can setup a website that is designed to exploit this vulnerability, and then convince users to visit the website.  If executed, the attacker could execute any remote code in the user session.

Are My Computers at Risk?

Because the issue affects all versions of Internet Explorer, which is the default browser and one of the most popular, most computers are at risk.  The attack also relies on leveraging a popular plug-in for Internet browsers known as Adobe Flash.

Will There Be a Patch?

Microsoft is working on releasing a patch for supported versions of Windows (Vista, 7, and 8).  As soon as the patch is released and reviewed/tested by our Proactive Services Team, we will push it out to all of our managed clients.  Support for Windows XP ended on April 8, 2014.  Microsoft has not announced any patches for this version of Windows, and is unlikely to do so.  Therefore, if you are still running Windows XP you should upgrade as soon as possible.

What Can I Do While I Wait for the Patch?

If you already have another browser installed, such as Chrome, Firefox, or Safari, it is recommended that you use those browsers instead.  You can continue to use Internet Explorer for trusted sites or where required by your applications.  If you do not need to use the Adobe Flash plugin, you can disable it.  Also, if you are using Windows 7 or 8, with Internet Explorer 11, you can enable Enhanced Protected Mode.  Instructions for making these changes are listed below.  Acropolis may recommend additional workarounds as they are vetted.  If you have any questions about your options, please contact your VCIO or our service department.