On our social media feed, we’ve posted about the dangers of using Internet Explorer — the depreciated web browser from Microsoft’s bygone age — more times than an IT service should probably have to. Unfortunately, there are many businesses of all sizes who still utilize it or rely on its architecture, and it’s something we all really need to start moving past. A recent discovery involving the browser is just one of nearly countless examples.
The Latest Internet Explorer Vulnerability
This particular find is a doozy and warranted two unscheduled security updates. The vulnerability notifications labeled CVE-2019-1367 and CVE-2019-1255 included the following official statement from Microsoft:
“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user … An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Attackers Are Actively Exploiting Internet Explorer Vulnerabilities
In a nutshell, these vulnerabilities are actively being used to take over entire PCs. An attacker can literally do whatever they want to your device and your stored data once you’ve clicked on an affected webpage. Such flaws are not uncommon, and Microsoft typically patches anywhere from 10-20 browser and scripting engine remote code execution bugs each month with the Patch Tuesday bundle. Because they allow remote code execution with little or no user warning or interaction, Microsoft considers such bugs to be “critical” security risks.
Possible Internet Explorer Workarounds
Unfortunately for some organizations, having Internet Explorer is a requirement for certain pieces of software. For many businesses in fact, there’s still software from the 1980s embedded in company operations somewhere. For situations like these, there are possible workarounds. Many versions of Windows Server allow for IE to be run in a restricted mode that can reduce the likelihood of a user downloading malware. Microsoft’s CVE webpage also includes commands that users can enter into either 32-bit or 64-bit systems to protect them, by restricting access to JavaScript. However, Microsoft warns these workarounds may still impact functionality.
The best workaround is to stop using Internet Explorer altogether. Microsoft Edge is its official replacement and has been for years now. It’s safer, more functional, faster, and, if truly need be, IE can actually be run as an Edge tab. In addition, Microsoft will soon be updating Edge with a Chromium-based version.
The bottom line: Internet Explorer is outdated, obsolete and poses far too many security risks for use in this day and age. Do you need help updating your technology? Call us. That’s what we’re here for.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!