Internet Explorer’s recent security flaw

January 31st, 2010

The French and German governments have recently announced that everyone should move away from Internet Explorer. A big call. This announcement has come about because there is a specific security flaw in Internet Explorer which, as highlighted by Google, was used in a very deliberate, highly sophisticated attack, originating from China, to try and access the Gmail accounts of Chinese human rights activists. (For more geeky details on the specifics of the security flaw, head down below to **)

Now, I don’t really like Internet Explorer. I don’t care whether it’s IE6, IE7 or IE8, I don’t like it. In fact, I even agree with the general sentiments put forward by France and Germany when they suggested that people use a different browser… but that’s just my personal opinion. It *is* an insecure browser and there *are* problems with it. Admittedly, Internet Explorer 8 is a significant improvement over earlier versions.

Unfortunately, it’s not as simple as switching to a different browser. As much as I want to say, “Switch to Google Chrome, Mozilla Firefox or even Opera”, a lot of the functionality of your company intranet and SharePoint specifically requires Internet Explorer. Without it, you’ll have a hard time doing anything other than simply looking at pages hosted by SharePoint etc.

Being fair, Internet Explorer isn’t the only web browser that has security issues. Over time, vulnerabilities and security flaws have been and will continue to be discovered in every single web browser available. Switching to a different web browser won’t suddenly make you impervious to attacks from the web. If it did, then there wouldn’t be any need for anti-virus solutions, firewalls or malware removal tools. The fact that these things all exist (and have billions of dollars spent on them annually) are a pretty good indicator that there is more to it than simply switching browsers.

To ensure that your computers are as safe as possible, we deploy and monitor a range of security products including anti-virus solutions, malware detection software, hardware and software firewalls, in addition to keeping all of your systems patched and up to date with Microsoft patches and hotfixes.

If you have any concerns or queries about your system security, please contact us on 1300 554 138 and we’ll be happy to have a chat with you.

**If you want to get your geek on, feel free to continue reading for a bit more of a breakdown of the issue that brought this to light and caused all the fuss. Be warned, it might get a little geeky.

Right, still with me?

Google announced on their blog at 3PM on 12/01/2010 that there had been a security attack originating from China. Within 48 hours, Microsoft had published a security advisory (http://www.microsoft.com/technet/security/advisory/979352.mspx), letting people know that they were aware of the flaw and that they were working on fixing it. Since then, they’ve kept that advisory updated and as of 21/01/2010, they had developed a fix, published it and made it available for download.

Now, you may not be aware of this, but Microsoft normally releases its updates and patches on a specific release schedule. Given the serious nature of this issue, Microsoft chose to release it “out of band”. Meaning that instead of waiting to release it with their next scheduled updates and patches, they released it as soon as it was ready. Now, let’s have a look at the timeline of events:

12/01/2010 – Google announce an attack on their systems using this exploit

14/01/2010 – Microsoft release security advisory acknowledging the problem

15/01/2010 – Microsoft update their advisory with more accurate information following developments in their investigation; The same day, the German Office for Information Security issued a press release advising people to switch to another browser

18/01/2010 – France echoes Germany’s advice that people switch to a different browser

20/01/2010 – Microsoft released details of a work around to avoid the problem until they had finished testing the patch to correct the problem

21/01/2010 – Microsoft released a fix for this security flaw (http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx)

Interestingly, most of the calls we received about this issue have come in since the 21^st. So, in essence, by the time people became aware of this and grew concerned enough to contact us, the fix had already been released and been pushed out to the systems under our management. If you currently don’t have a managed support agreement with us and you’re not sure if you have adequate security measures in place, drop us a line or shoot us an email and we’ll be happy to help.

2 Responses to “Internet Explorer’s recent security flaw”

IE Issues… some additional thoughts - Grassroots IT

February 1, 2010
9:33 pm

[...] to David’s excellent opinion on the recent Internet Explorer vulnerability, I’d like to put forward some additional [...]

Kevin

November 17, 2010
11:25 am

IE Tab: http://www.chromeextensions.org/utilities/ie-tab/ The IE Tab extension for Google Chrome will help with IE-specific sites such as your company's Sharepoint site, if you're wanting to use Chrome as your browser.

cforms contact form by delicious:days

Contact Us!

2 Responses to “Internet Explorer’s recent security flaw”

Leave a Reply

Blog Authors

Categories

Contact Us

Contact Information

IT Services

Social Media

Email Newsletter