VUIT has issued a recommendation to avoid using the Internet Explorer Web browser for now due to some recently identified vulnerabilities that could allow hackers to install malicious software on a user’s machine. The vulnerabilities have been reported widely in the news.
To the extent possible, users should consider using another Internet browser until Microsoft implements changes to address the problem. It is acceptable to continue running Vanderbilt applications that can only operate with Internet Explorer. But users are advised not to browse to sites outside Vanderbilt using Internet Explorer.
Microsoft has indicated the vulnerabilities exist in Windows servers 2003, 2008, 2012, XP, Vista, 7, 8 and 8.1.
For these attacks to work, a user would have to visit a malicious website attempting to install the code. Microsoft reports that attacks could also come from “websites that accept or host user-provided content or advertisements” where an attacker could insert malicious code.
Recommended strategies for mitigating potential problems include:
- Using any Web browser except Internet Explorer if you are operating with Windows XP, since it is no longer supported and will not be receiving a patch.
- Making sure your Web browsers are up-to-date.
- Downloading the most current version of Flash from Adobe Systems Inc. This update includes an emergency security update issued to fix a critical flaw in Flash Player software. Flash is currently being exploited in active malware attacks.
- Disabling all Adobe Flash browser plugins in IE, which also stop the attack, since Flash is a necessary stepping-stone for the attack to work.
- Disabling a feature in Internet Explorer called “Active Scripting.” This will also prevent Flash from running in the browser.
- Going to Internet Options > Security and setting the slider to High. This will allow IE to run in a more secure mode.
- Limiting a user to a non-administrative account to prevent the vulnerability from affecting an entire PC.
- Following the guidance in the Microsoft Safety and Security Center, including enabling a firewall, applying all software updates, and installing anti-malware software.
- Ensuring your antivirus software is up to date.
- Exercising extreme caution when opening email attachments.
If you suspect your computer has been infected, immediately power down and contact your local support provider or the Help Desk.
According to VUIT, the vulnerability is a remote code execution that has the potential to give hackers the same user rights as the current user. That means a successful attacker who infects a PC running as administrator would have a wide variety of attack options open to them, such as installing more malware on the system, creating new user accounts, and changing or deleting data stored on the target PC. Most Windows users run their PCs under an administrator account.
After completing its investigation of the malicious software, Microsoft is expected to take appropriate action to protect customers, which may include providing a solution through a monthly security update release process or an out-of-cycle security update, according to VUIT. Meanwhile, VUIT Information Security Operations is actively working to block infection channels and enhance detection capabilities.
For additional information:
https://technet.microsoft.com/en-US/library/security/2963983
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1776
Contact: IT Help Desk (615) 343-9999
it@vanderbilt.edu