Internet Explorer Zero-Day Exploit – What You Need to Know

By now most of us have heard of the new zero-day exploit for Internet Explorer that was revealed last week. Beyond the realm of the media, which likes to immediately declare security issues a harbinger of doom and are quick to assign blame to everyone from the software developer to secret government agencies, these type of exploits, as well as bugs and security holes, are generally not a huge cause for concern for the end-user so long as the affected software is patched and the affected machines are promptly updated.

Poor, sad, little foxWhile opinions on browsers tend to lead to heated discussions, an objective review will undeniably reveal that various exploits and other security concerns have been discovered and made public for essentially every browser available. It is virtually impossible to design a foolproof system, and even Firefox, frequently lauded by many as superior to Internet Explorer, tends to frequently fall flat on its face.

What makes the recent Internet Explorer zero day exploit of notable concern in the Internet security industry is the fact that it affects versions of Internet Explorer as far back as version 6, first released in 2001.

The Nature of the Beast

The nature of this particularly Internet Explorer zero day exploit potentially allows for a web site to execute data-thieving code, or silently upload a malicious payload to a client or end-user machine. These aptly named drive-by downloads are already a fairly popular meathod of delivering code to a target machine, and this exploit could allow for an easier and more reliable means of accomplishing the drive-by download. The malicious payload of these drive-by downloads could contain a variety of code ranging from adware and rogue / fake security applications to remote access packages allowing a hacker to take control of or download private data from the affected machine.

For those hackers with no other dreams and aspirations in life, the exploit can also be used as a means of executing a denial-of-service attack. All things considered, a denial-of-service attack seems unlikely in all but cases of the most blunt attacks and would likely simply be seen by the end-user as a buggy web site.

The Measure of the Program

Within the Internet security industry, one of the primary measures of a good software package is how quickly and appropriately the software developer responds to exploits, bugs, and other security concerns. In this respect, Microsoft tends to do fairly well these days (although this has not always been the case) and generally addresses security flaws significantly faster than we’ve seen and expect from other developers such as Apple, an organization that has gained an unfortunate reputation for burying or simply denying security flaws.

There has been some speculation that this exploit comes fast on the heels of the recent Windows XP End of Service and may be an indication of a coming storm front, the first of an anticipated onslaught of exploits and security flaws in the new and exciting realm of a vulnerable operating system. I have even myself been cited in the argument by way of my award winning post: See You, Windows XP.

Out of Band Update

Whatever your stance on the matter, Microsoft has opted to ensure versions of Internet Explorer available to Windows XP are properly patched against this exploit. We view this as a responsible decision on the part of Microsoft, and I personally view it as an exceedingly generous act given the support state of Windows XP.

Taking Action

So you’re using Internet Explorer and are unsure of what to do at this point? Your first task should be to download and install your updates if your machine has not already done so as part of its regularly scheduled maintenance (you DO regularly install updates on your machines, right?). Your best course of action here is to use the Windows Update tool, which will automatically identify the various updates available to Microsoft software including Internet Explorer.

For those not using Internet Explorer, you are certainly not out of the woods by a long shot. This week, we saw an exploit for Internet Explorer. Your browser of choice may see an exploit next week. If you use Flash or Java, these are also popular avenues for hackers. As a point of contention, in its 2014 Annual Security Report, Cisco cited Java as representing 91% of all Indicators of Compromise (IOC).

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

See You, Windows XP

see you xp

After far more than a decade, the sun is finally setting on Windows XP as we approach its End of Life. It has been a long and exciting ride for the operating system, but this has undeniably been a long time in coming. When you consider the possible financial and logistical expense of maintaining such […]

Continue reading...

Gift Card Balance Scams (And Other Ways To Ruin A Gift)

Avoiding Gift Card Scams

Gift cards are a popular item any time during the year, but they’re especially so during the holiday season. Gift cards to Starbucks, Walmart, Olive Garden, and a host of other stores and restaurants make great stocking stuffers and help ease the anxiety for shopping for picky people on our shopping lists. The only downside […]

Continue reading...

Cryptolocker and You

Cryptolocker and You - Cryptolocker0

In the world of internet security, new versions and variants of malware appear on a daily basis, although relatively few pieces of new malware actually get notable time in the spotlight. Despite all the discussion of worms and backdoors, much of the time, new works of malware these days are designed simply to facilitate browser […]

Continue reading...

Outbreak Alert – Backdoor.Win32.ZAccess

Outbreak Alerts by StopSign Internet Security let you know when specific malware infections are trending, describe what they do, and provide tips on how to avoid them. What Backdoor.Win32.ZAccess Does: Downloads Malicious Rogue Anti-Virus Packages Significantly Slows Down the Infected Machine Displays False Error Messages Restricts Access to Various System Functions How It Infects: Can […]

Continue reading...