Such a cute image concerning a very real threat. As you have more than likely heard, on Saturday (4/26) Microsoft released one of its security advisories. The advisory reports a zero-day threat/vulnerability in Internet Explorer. Internet Explorer 6, 7, 8, 9, 10, and 11 are all vulnerable. For the time being there isn’t a release date for a patch, although I’m sure the techs at Microsoft are burning the midnight oil to create a fix.
If your computer is a Windows-based system using any of the vulnerable versions of Internet Explorer, you are at risk if you visit a compromised website containing malicious code designed to exploit the vulnerability. Fortunately, there are alternatives to Internet Explorer; I personally use Mozilla’s Firefox as my default browser.
As this saga unfolds, we will continue to learn more about the implications and the mitigation strategies being developed to deal with this latest threat.
For now, there are a few recommendations I can pass along from the available research thus far:
- Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones.
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
- Unregister VGX.DLL.
- Modify the Access Control List on VGX.DLL to be more restrictive.
- Enable Enhanced Protected Mode for Internet Explorer 11 and Enable 64-bit Processes for Enhanced Protected Mode.
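A read-only way to confirm which of these workarounds are in place on a machine, as an added PowerShell example that is not from the original post or from Microsoft's advisory. The registry paths, value names and the vgx.dll location are assumptions drawn from standard Internet Explorer configuration.

```powershell
# Added example: read-only audit of the workarounds above; it changes nothing.
# Registry paths, value names and the vgx.dll location are assumptions based on
# standard Internet Explorer configuration, not values from the original post.
# Only per-user (HKCU) settings are read; Group Policy may override them.
function New-Check($Name, $State, $Ok) {
    New-Object psobject -Property @{ Check = $Name; State = $State; Ok = [bool]$Ok }
}
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ieMain   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$clsid    = 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
$dirs     = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
            Where-Object { $_ } | Select-Object -Unique

$report = @(
    # URL action 1400 is Active Scripting: 0 = enable, 1 = prompt, 3 = disable.
    foreach ($zone in @{ Id = 1; Name = 'Local intranet' }, @{ Id = 3; Name = 'Internet' }) {
        $v = (Get-ItemProperty "$zoneRoot\$($zone.Id)" -ErrorAction SilentlyContinue).'1400'
        $state = switch ($v) { 0 {'enabled'} 1 {'prompt'} 3 {'disabled'} default {'not set'} }
        New-Check "Active Scripting, $($zone.Name) zone" $state (@(1, 3) -contains $v)
    }

    # Is vgx.dll still registered as an in-process COM server (64- and 32-bit views)?
    $reg = Get-ChildItem $clsid -ErrorAction SilentlyContinue | ForEach-Object {
            (Get-ItemProperty "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        } | Where-Object { $_ -like '*\vgx.dll' }
    New-Check 'vgx.dll COM registration' $(if ($reg) {'registered'} else {'absent'}) (-not $reg)

    # Does each copy of vgx.dll carry a Deny entry for Everyone (SID S-1-1-0)?
    foreach ($dir in $dirs) {
        $dll = Join-Path $dir 'Microsoft Shared\VGX\vgx.dll'
        if (-not (Test-Path $dll)) { continue }
        try {
            $deny = (Get-Acl $dll).Access | Where-Object {
                $_.AccessControlType -eq 'Deny' -and
                $_.IdentityReference.Translate([Security.Principal.SecurityIdentifier]).Value -eq 'S-1-1-0' }
            New-Check "ACL on $dll" $(if ($deny) {'Everyone denied'} else {'not restricted'}) $deny
        } catch { New-Check "ACL on $dll" 'ACL unreadable' $false }
    }

    # Enhanced Protected Mode: Isolation = PMEM, with 64-bit processes enabled.
    $main = Get-ItemProperty $ieMain -ErrorAction SilentlyContinue
    New-Check 'Enhanced Protected Mode' "Isolation=$($main.Isolation)" ($main.Isolation -eq 'PMEM')
    New-Check '64-bit processes for EPM' "Isolation64Bit=$($main.Isolation64Bit)" ($main.Isolation64Bit -eq 1)
)
$report | Select-Object Check, State, Ok | Format-Table -AutoSize
```

Run it from an elevated prompt if the ACL check reports "ACL unreadable"; a restrictive ACL can block a standard user from reading the file's permissions at all.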
Recommended Best Practices (from www.symantic.com)
- Symantec recommends customers use a layered approach to securing their environment, utilizing the latest Symantec technologies, including enterprise-wide security monitoring from Edge to Endpoint.
- Do not use out-of-date software; keep your operating system and software up to date with the latest versions and security patches.
- Run all software as a non-privileged user with minimal access rights.
- To reduce the impact of latent vulnerabilities, always run non-administrative software as an unprivileged user with minimal access rights.
- Deploy network intrusion detection systems to monitor network traffic for malicious activity.
- Do not follow links or open email attachments provided by unknown or untrusted sources.
- Memory-protection schemes (such as non-executable stack and heap configurations and randomly mapped memory segments) will complicate exploits of memory-corruption vulnerabilities.
- Symantec encourages users to apply all relevant patches when they are available.
Stay tuned and give us a call with your questions or concerns.