Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
Network Security
DDoS Protection Powered By Verisign
Average Rating:
Rate this article:  
Is Your Enterprise at Risk from IE Zero-Day Flaw?

Is Your Enterprise at Risk from IE Zero-Day Flaw?
By Jennifer LeClaire

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

"The best advice is to ensure all systems have EMET (Microsoft's Enhanced Mitigation Experience Toolkit) deployed and that unnecessary browser add-ons are disabled. This should be part of an enterprise's standard security posture and shouldn't require extra cycles or last-minute deployment," said security researcher Tyler Reguly.
 


After announcing a zero-day vulnerability in Internet Explorer over the weekend, Microsoft has updated its advisory to make the workarounds more clear for enterprises affected. The good news is attacks in the wild only affect versions 9, 10 and 11.

First, let's review the danger. Microsoft reported that an attacker that successfully exploits this vulnerability -- which uses Adobe Flash as a way in -- could gain the same user rights as the computer's user.

"If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system," Redmond said. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

Microsoft suggested its Enhanced Protection Mode as a workaround. EPM is a feature found in IE 10 and 11 on 64-bit systems.

The update Tuesday to the weekend security advisory clarifies that EPM will help protect users of Internet Explorer 10 on Windows 7 for x64-based systems, Windows 8 for x64-based systems, and Windows RT, and Internet Explorer 11 on Windows 7 for x64-based systems, Windows 8.1 for x64-based systems, and Windows RT 8.1.

When Will the Madness End?

We caught up with Jeff Davis, vice president of engineering at security solutions firm Quarri Technologies, to get his take on the zero-day flaw. He told us browser vendors will never patch the "last vulnerability," and we'll probably always have to deal with new zero-day drive-by exploits from time to time.

"To give you an idea of the complexity of modern browsers, Chrome and Firefox each have more than 7 million lines of code and average more than 4,000 commits per month," said Davis. "Even if one of them spent three months doing a massive security audit, by the time they finished there would be 12,000 additional changes to review."

On top of that, Davis said, security audits don't pay the bills unless you're the auditor, so patching issues will always be to some extent a reactive process. Given all this, he concluded, purpose-built browser security solutions are a necessity these days for browsers that handle sensitive information.

Who's Most at Risk?

Tyler Reguly, manager of security research at security software firm Tripwire, told us many enterprises users don't have permissions to install alternatives to IE -- so it's gong to continue to be a target for attackers.

"People are overlooking Microsoft's mention of 'limited, targeted attacks.' Exploits for the vulnerability aren't widespread yet and may not become widespread before patches are released," Reguly said. (continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Network Security
1.   UPS Stores Hit by Data Breach
2.   Target Data Breach Cost: $148 Million
3.   Aruba Handles Black Hat with Aplomb
4.   Chinese Hackers Steal Patient Data
5.   FBI Cybersquad To Add Agents


advertisement
Aruba Handles Black Hat with Aplomb
Network firm sees 2,376 DoS attacks.
Average Rating:
UPS Stores Hit by Data Breach
Biz must adopt better security measures.
Average Rating:
Target Data Breach Cost: $148 Million
Better customer data protection needed.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
UPS Stores in 24 States Hit by Data Breach
Big Brown has been breached. UPS said that about 105,000 customer transactions at 51 of its UPS Store locations in 24 states could have been compromised between January and August.
 
Cost of Target Data Breach: $148 Million Plus Loss of Trust
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 

Enterprise Hardware Spotlight
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 
Three New Lenovo PCs Aimed at Business Users
Businesses everywhere want computing solutions that do more for less money, and Lenovo has unveiled three new desktop PCs that offer solid computing at a budget-minded price.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 

Mobile Technology Spotlight
Samsung, B&N Target Amazon with Nook Tablet
They've seen the enemy and it is Amazon. So Samsung and Barnes & Noble are teaming up to combat their common foe with a 7-inch tablet that blends Samsung’s tech, Nook’s content and e-reader platform.
 
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 
Apple Stock Soars Ahead of iPhone 6 Launch
The imminent release of the iPhone 6 -- and maybe even an iWatch -- has sent Apple's stock soaring to new heights. Considering what else the firm could have up its sleeve -- the stratosphere may be the limit.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.