Microsoft Security Issue with IE8 and 9

/0 Comments/in /by

On Tuesday, September 17, Microsoft released a security bulletin (#2887505) detailing a vulnerability in the Internet Explorer browser versions 8 and 9 that could potentially allow an attacker to remotely execute code on an affected machine. The vulnerability would require your personnel to actively click on a specially crafted link on a website in one of these browser versions, and could potentially compromise the machine. This vulnerability could affect Terminal servers where personnel regularly browse Internet sites, but no other server type is at risk.

Microsoft has not yet released an official patch for this vulnerability and they have not announced when they will do so.

They have however released a temporary workaround that will prevent attackers from exploiting this vulnerability, but the workaround has several caveats.

The workaround may negatively affect a number of line of business web applications including:

  • Online banking and payroll websites may not be functional.
  • Websites that require third party plugins may not load correctly or at all.
  • Custom intranet sites may not function.

The workaround does not require a reboot, but does require closing and restarting Internet Explorer to take effect.
Please note this is only a temporary fix and will be removed and replaced with the official patch once it is released.
Your Managed Service agreement also covers the official patch, and it will be deployed automatically to your machines when it comes out.

Links:

  • The original security advisory – https://technet.microsoft.com/en-us/security/advisory/2887505
  • The Microsoft FixIt workaround for the issue – https://support.microsoft.com/kb/2887505

Additional security recommendations for the short term.

  • If wanted and possible you can use a different secure browser.
  • Restrict your own internet browsing to only known and necessary business related sites and ask your staff to do the same.
  • Avoid browsing news, blogs, and other social media sites as these may contain links and advertisements with the exploit and ask your staff to do the same.
  • Be suspicious of any unrecognized e-mail that asks you to click on a link.

If you are comfortable with the possible side effects and would like to schedule a time for TNSC to deploy the temporary workaround, please contact us at 800-222-3839.

You might also like
Section -1 You'll need a driver’s license for another 10 years
Are you Using the Best Firewall?
Are you testing your disaster recovery plan?
Technology from CES 2016 that Will Blow Your Mind
A Good Day of Phishing Could Mean a Bad Day for You
A Day in the Life of a Technician
Does Anybody Have Privacy Anymore?
3 Critical Business Benefits To Having Structured Cabling
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *