What you need to know about the Microsoft Internet Explorer “Zero-Day” Vulnerability

The latest Internet Explorer “Zero-Day” vulnerability, first acknowledged by Microsoft on Saturday, April 26th, has left all version of Internet Explorer 6 through 11 vulnerable to exploitation. However, initial reports indicate that IE versions 9, 10, and 11 are the primary targets. According to the research firm FireEye, the exploit uses an Adobe Flash SWF file to execute the exploit. Machines that do not have Flash installed are believed to be safe. It is important to note that Microsoft will not be producing a patch for its Microsoft XP operating system. Support for this OS ended on April 8, 2014 so if you’re running this operating system on your machine, you will need to upgrade.

If you currently have a Thrive Managed Firewall powered by Dell SonicWALL, the Intrusion Prevention signatures to cover the “Zero-Day” exploit were added to your device within the last 48 hours. You are protected from this vulnerability when on the Internet behind your corporate firewall.

If you do not have a Thrive Managed Firewall, how can you protect your business?

Thrive Networks is recommending users take the following steps to protect themselves from the latest “Zero-Day” Vulnerability affecting Microsoft’s Internet Explorer until a patch has been released and installed:

1. Do not browse the Internet using Internet Explorer, regardless of version.
2. Do not browse the Internet on any server using Internet Explorer. Commonly this is the only means of accessing the Internet from network servers.
3. Upgrade any machines running Microsoft XP. Microsoft will not be producing a patch for this operating system.
4. It is best practice to make sure you have the most up to date version of Adobe Flash. Click here to download.

If security restriction limit your users’ ability to install browsers other than Internet Explorer, you should take the follow steps:

1. Disable Adobe Flash in Internet Explorer.
2. Run Internet Explorer in “Enhanced Protected Mode” configuration and 64-bit process mode, which is available for IE10 and IE11 in the Internet Options settings. Click here for instructions.
3. Limit Internet browsing to only known, trusted websites.

How do I protect myself in the future?

Microsoft’s latest “Zero-Day” Vulnerability is just another example that viruses, spyware, and online threats don’t discriminate. Whether you’re an insurance company, an educational institution, or a financial services organization, you could be a target. The question for SMBs across industries is: how do I get the same level of protection as a Fortune 500 enterprise without investing a fortune?

Thrive Network’s Managed Firewall service provides SMBs with a cost-effective way to prevent unauthorized network access and secure critical business information – 24×7. We allow you to benefit from the added security of a firewall, without requiring additional resources, management expertise, or hardware. For more information on Thrive’s Managed Firewall or Patch Management services, please visit our website.