As chairman of the technology it is my job to provide information and resources that enable CALSPro members and process servers to further educate themselves on all things technology. These items can range from things that merely make our jobs simpler to the downright necessary. Well, this is one of those moments where you need to take note and pay attention because it down right necessary.
I come across many articles on a daily basis and I have to decide, is this the one? Is this the kind of information that the membership cannot do without? Eventually I do find the topic that I just have to pass on. Such is the case with regard to “0day” (zero-day).
It has been discovered that Microsoft’s Internet Explorer (IE) is vulnerable to a massive security flaw that can harm your computer and network. The warning comes from the United States Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) and is echoed by the UK National Computer Emergency Response Team.
US-CERT has the following message posted on its website is as follows:
“US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution.
US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft’s recommendations, such as Windows XP users, may consider employing an alternate browser.”
FireEye researchers have already said that a known gang of malicious hackers are already exploiting the previously unknown use-after-free vulnerability in targeted attacks per ARS Technica. The popular website also notes the following:
“The “zero-day” code-execution hole in IE versions 6 through 11 represents a significant threat to the Internet security because there is currently no fix for the underlying bug, which affects an estimated 26 percent of the total browser market. It’s also the first severe vulnerability to affect Windows XP users since Microsoft withdrew its support for the aging operating system earlier this month. Users who have the option of using an alternate browser should avoid all use of IE for the time being. Those who remain dependent on the Microsoft browser should immediately install EMET, Microsoft’s freely available toolkit that greatly extends the security of Windows systems.”
“Everybody should be moving off of it now. They should have done it months ago,” said Jeff Williams, director of security strategy with Dell SecureWorks.
It is my recommendation to you, as a concerned member of the association and as your Technology Chairman, that you immediately start using another internet browser until the Microsoft has completely resolved this issue. Alternative internet browser that I would suggest switching to in order of best security features are:
- Google’s Chrome (https://www.google.com/intl/en/chrome/browser/)
- Mozilla’s FireFox (http://www.mozilla.org/en-US/firefox/new/)
- Opera Software’s Opera (http://www.opera.com/)
- Apple’s Safari (can be used on PC also) (http://support.apple.com/downloads/#safari)
(A list of alternative browsers can be found at:
Please do not take these warnings lightly. The potential risk or not taking action regarding these warnings could potentially cost you hundreds if not thousands of dollars. For additional information on “zero-day” and the security warnings please visit the following websites:
US Department of Homeland Security: http://www.dhs.gov/
CALSPro Director & Technology Chair