Exploring Information Security

View Original

Securing Internet Explorer from the latest vulernability

Over the weekend Microsoft put out an advisory for a zero-day vulnerability in Internet Explorer (IE) that allows an attacker to gain remote access to a computer via an Adobe Flash exploit. It appears that just about every version of IE is affected.

Secure your system

The easiest and simplest way to mitigate the vulnerability would be to not use IE. FireFox, Chrome and Safari are the three big alternatives to using IE. If you must use IE, though, you can mitigate the issue by installing Microsoft's Enhanced Mitigation Experience Toolkit (EMET) versions 4.1 or 5. Just download, install and run the recommended security settings. It's really simple to install and you likely won't notice any difference in system performance. 

Disabling the Adobe Flash player in IE is another option. Click on the gear icon in the top right corner, then select Manage add-ons. Click the drop down under 'Show:' and select 'All add-ons.' Select the Adobe Flash plugin, right click and select 'Disable.'  Of course, this will break many things on the internet as many sites utilize flash in their website design.

Finally, you can enable Enhanced Protected Mode in IE. Click on the gear icon again, then select 'Internet options.' Under the 'Advanced' tab, scroll down to the security section and check the box for 'Enable Enhanced Protected mode,' apply and close out internet options.

I would highly recommend avoiding IE, but if you must use it, implement the changes above. They're pretty straight forward and easy to do. A patch is on the way, that is, unless you're still using Windows XP. If you're still using Windows XP upgrade, or be prepared to see more of these types of vulnerabilities that will be on your system forever.

Reference

http://krebsonsecurity.com/2014/04/microsoft-warns-of-attacks-on-ie-zero-day/

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

https://technet.microsoft.com/library/security/2963983

http://blogs.msdn.com/b/ie/archive/2012/03/14/enhanced-protected-mode.aspx

 This post first appeared on Exploring Information Security.