IE Zero Day? Let’s Not Overreact!

So yes, there is another zero-day bug in IE 8.  So what does this mean?  Well, if you are still using IE 8, there is a good chance you are still running Windows XP, which is EOL (End of Life).  So one consideration would be to move to a newer operating system such as Windows 7 or Windows 8.1.  More info can be found here: http://www.v3.co.uk/v3-uk/news/2346530/microsoft-promises-fix-for-internet-explorer-zero-day-flaw

 

My advice is as follows:

  • Don’t Panic! – This vulnerability is a client-side attack, which means that it would require you to click a link, go to a website, or open an email with a bad URL pointing to the exploit code.  It does NOT mean that just by having your computer on someone could get into it.
  • Upgrade to a newer OS. – As stated above, look into upgrading to Windows 7 or Windows 8.1.
  • Use EMET (Enhanced Mitigation Experience Toolkit) – This tool is from Microsoft and will help protect you from accidentally running code (exploits) in your browser that you did not intend to run.  I will be posting a follow-up to this with instructions on setting up EMET.

As a final thought, the common question is “Should I switch browsers?”  My answer to this is in two parts.  If you are running Windows XP and cannot upgrade for some time, then yes, installing a more modern browser such as Firefox (https://www.mozilla.org/en-US/firefox/new/) or Chrome (https://www.google.com/intl/en_us/chrome/browser/) would be a great idea!

However, keep in mind that, depending on what third-party software you have installed, such as Java, even those browsers can be attacked via similar methods.  The thing to remember is that, like I said above, the attacks require end-user action.

In summary: don’t panic, the world will not end! 🙂  Try to be extra cautious about the sites you visit, and avoid clicking links in emails.  Instead, look at the link itself and, if it looks legit, copy and paste it into your browser to try to avoid bad links.

Keep an eye out for the EMET tutorial coming up!  Thanks for reading!

Justin

The opinions and thoughts on this blog are those of Overflow Security members, and do not reflect those of our members’ employers.