On April 26, Microsoft released an internet security advisory for Internet Explorer versions 6 through 11. This is significant as it represents all current versions of Internet Explorer and allows a remote attacker to gain control of a computer that visits a malicious website, with an unpatched version of Internet Explorer. Currently no patch is available.
The Technical Details
This exploit appears to require the use of Adobe Flash, though Adobe Flash is not what is vulnerable in this case. Most computers use Adobe Flash or have it installed. Many websites make use of Flash which complicates the ability to disable or remove Flash. This patch will not be available for Windows XP.
Is Netgain Affected By This?
Our security team is currently evaluating any exposure. We implement many layers of defense with the knowledge that no control is 100% effective. By using many layers, all would need to fail prior to a system being compromised. Our Intrusion Detection System has been updated and will alert us to any attempted use of this exploit. Our weekly patching cycle will automatically install the patch when it becomes available.
What Should You Do?
Here are several steps to take, in order to mitigate this risk:
Upgrade away from Windows XP.
Install the patch when it becomes available from Microsoft.
Use a different web browser until this is patched.
Consider disabling VML, this is a more advanced solution but should not affect functionality.
Review the other mitigation options on the Microsoft site.
As Always, Be Very Cautious With Any Link In Email:
This will most likely come in the form of an email phishing attack. Not clicking the link is the best protection.
Some phishing emails can look very convincing. Be suspicious of every email.
Admit to yourself that everyone is vulnerable to phishing attacks.
If there were some way to know 100% of the time that an email is a phishing attack, SPAM filters would block them 100% of the time. SPAM filters are not 100% effective, and neither are people.
What If I Click On A Link That I Shouldn’t Have?
If someone does click on a link and later believes they should not have, the longer they go without telling someone about it, the longer the attacker has control over that computer.
If you’re a Netgain Customer, you can click here to contact our security officer. If you’re not a Netgain Customer, contact your IT team immediately.
If you would like more information on this issue, please click here to view the alert on the Microsoft website.