Microsoft was alerted to a significant vulnerability in Internet Explorer, their web browser, by security company FireEye. Microsoft has acknowledged this issue.
Here is what we know:
- All versions of Internet Explorer from IE6 to IE11 are affected
- As of April 28th, 2014, there is no patch available, and there will not be a patch available for Windows XP.
- The vulnerability leverages Adobe Flash in order to attack the flaw in Internet Explorer.
What You Can Do:
- Do not use Internet Explorer on any machines that you currently have. Use Firefox or Chrome. If you must use Internet Explorer, limit it to websites that require it and only browse to those websites directly.
- Remove Adobe Flash if you are using an older version of Internet Explorer (IE9 or older). IE10 and IE11 include Adobe Flash built in, so it cannot be removed.
- Managed customers will automatically get the patch once it is made available. There won’t be a patch for Windows XP. If you cannot upgrade Windows XP, then do not do any web browsing on those computers, especially with Internet Explorer.
- Do not click on links that you receive in email. Go directly to the website that you wish to visit.
If you have any questions, please contact us.
Over the past several years, definitely since Windows 7 was released, businesses have been slowly but surely replacing Windows XP. However, as of last December, around 500 million computers will still be running Windows XP. We’ve compiled the top 7 reasons why you need to give up Windows XP right away.
- Viruses, Malware, Trojans and more. Windows XP is one of the most exploited operating systems. This was improved with later releases of Windows XP, but security was bolted on after the fact. Hackers and virus authors have a huge library of tools to exploit your Windows XP. Many XP computers are already “zombies” and part of botnets (computers controlled by a central command to do their bidding). Windows 7 and 8 were built with security in mind from the ground up. That’s why most malicious code writers are attacking the applications now rather than the operating system itself (see our post about Mac Viruses).
- 12 Years is a long time in Computer terms! That’s right, Windows XP is 12 years old, which practically puts it in the senior citizen category for computer programs. In fact, it was released the same year that the first iPod was released. Since then there have been multiple generations of iPods, iPhones and iPads. No one should be running an operating system that predates the first iPod!
- Even Windows Vista is safer! It’s true. Windows XP is the most unsafe operating system that is currently supported. Windows 7 and 8, Mac OS X, and modern versions of Linux are all safer.
- Designed for a Different Time. Windows XP was built for a different period of our computing evolution including the use of Internet Explorer (IE) 6 and smaller screens. Smartphones were essentially non-existent, Tablet computers only existed in niche markets, and laptops were huge, heavy, and expensive.
- Patches and Band-Aids. Windows XP needs more and more patches and band-aids to keep it running, causing it to underperform even on good hardware.
- Support is Ending. Mainstream Support for Windows XP ended in April of 2009, over 4 years ago, with only critical security updates since.
- Did I mention Malware? You can of course continue to use Windows XP, but with more malicious software than ever. Of Internet connected operating systems, Windows XP is definitely the least safe.
XP is a relic from a different time. Use it at your own risk!
Small businesses, according to American Express Open:
- 25% aren’t using A/V, or if they are, many are out of date and ineffective
- 60% don’t protect their wireless networks at the office
- 2/3rds don’t have a security plan in place
- Less than 6% of data breaches are discovered by the company. (Verizon Data Breach Report)
50% of businesses that are hacked go out of business within 3 years
- Use Protection!… I mean software protection. For home users or very small businesses, we recommend downloading the free Microsoft Security Essentials http://www.microsoft.com/security_essentials. For businesses, we recommend using a centrally monitored end-point protection product, whether the monitoring is done by you or by your IT company.
- Keep Your Software Up to Date. Every first Tuesday of the month, Microsoft releases fixes for bugs they and others find. These bugs are exploited by malicious software and can compromise your computer. Patching eliminates the known flaws in programs. Include Windows, Office, Adobe Acrobat, Adobe Flash, Java (if you really need it), Quicktime, or any other “plug-in” software.
- Give yourself and your employees minimal rights. It’s tempting to remove all controls and grant yourself and your staff full access to your computers because otherwise it’s a hassle. However, it’s best to have a separate account to do any “administrative” work.
- Use Something Better than 12345. Choose strong passwords with letters, numbers, and special characters to create a mental image or an acronym that is easy for you to remember. Create a different password for each important account, and change passwords regularly. Read http://triadanet.com/is-your-password-12345/ for more information. Consider using a password manager like 1Password or LastPass.
- Be careful of where you compute. It’s great to go to a coffee shop to get some work done. It’s also a great way to get your information stolen. Although your bank provides a secure way to do business with them online, it is best to do that from your home network rather than the open network at a café or airport lounge.
- Use Good Hygiene. Don’t open unsolicited emails, especially if they have attachments or links to reset a password that you didn’t request. Consider the websites you visit. Don’t put in random USB drives or CDs you have found or been given.
- Backup All The Time! Implement a system that securely backs up online whenever you have a connection and whenever you make changes to a file. Not having an automatic offsite backup is a sure-fire way to forget to do it.
- Protect your sensitive data. There are tools that can encrypt your hard drive so that if someone finds your computer they won’t be able to pull data off of it unless they have your password. Don’t carry lists of your clients’ credit card accounts. Besides being a PCI violation, it’s not responsible.
- Educate yourself, your colleagues, and your staff. Most people want to do the right thing. But many times barriers are put in front of them to do their jobs. Without properly explaining the reasons why and the risks involved, participants won’t buy in to your policies.
As you can see, some of the items on this list are things that you can install onto your computers to help protect you from the bad stuff; the others are behaviors that, if followed, would greatly reduce your risk.