Microsoft has released an out-of-band security update to address the latest Internet Explorer “Zero-Day” vulnerability, as of 1PM on Thursday, May 1st, 2014. The patch has been fully tested and is ready to be released for all affected browsers. Despite previous reports, Microsoft will be releasing the security update for Microsoft XP users.
How do I download the patch for the “Zero Day” Vulnerability?
- If you have “Automatic Updates” enabled, you will not need to take any actions. The security update will be downloaded and applied automatically.
- If you do not have “Automatic Updates” enabled, you can manually update your machine by visiting Microsoft’s Security Update page and selecting your operating system.
As a reminder to all Thrive Managed Patching, ThriveCloud, and ThriveProtect customers, this patch will automatically be applied to your machine once we have tested it and approved it for release. You should continue to use other web-browsers until notified that you have been patched.
If you are a Thrive Managed Firewall customer, you have been protected from this vulnerability as long as you are behind your company’s corporate firewall.
For more information about Thrive’s Managed Patching and Managed Firewall Services, please visit our website.
This is a follow up to Thrive previous blog: “What you need to know about the Microsoft Internet Explorer “Zero-Day” Vulnerability“
The latest Internet Explorer “Zero-Day” vulnerability, first acknowledged by Microsoft on Saturday, April 26th, has left all version of Internet Explorer 6 through 11 vulnerable to exploitation. However, initial reports indicate that IE versions 9, 10, and 11 are the primary targets. According to the research firm FireEye, the exploit uses an Adobe Flash SWF file to execute the exploit. Machines that do not have Flash installed are believed to be safe. It is important to note that Microsoft will not be producing a patch for its Microsoft XP operating system. Support for this OS ended on April 8, 2014 so if you’re running this operating system on your machine, you will need to upgrade.
If you currently have a Thrive Managed Firewall powered by Dell SonicWALL, the Intrusion Prevention signatures to cover the “Zero-Day” exploit were added to your device within the last 48 hours. You are protected from this vulnerability when on the Internet behind your corporate firewall. (more…)