Please patch Internet Explorer as soon as you can. This is serious!
Microsoft are releasing four critical patches today, one of which fixes a flaw in Internet Explorer (versions 6 to 11) that enables an attacker to gain full control of your system and access your data.
This is exploitable (it has been since August 2013), and is spreading like wildfire after a slow start, predominately in Asia. Full details can be found here: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893
In summary, the exploit forces the loading of an MS Office library that does not use address space randomisation (ASLR) and can therefore be used selectively to execute the malware payload.
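To find libraries with the same weakness on your own machines, you can check whether each image opts in to ASLR. The Python below is an added example, not part of the original post: it reads the DllCharacteristics field of a PE header and reports files that lack the DYNAMIC_BASE flag. The function names and the header-only sample image are constructed for illustration.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image opts in to ASLR
OPTIONAL_MAGICS = (0x10B, 0x20B)                # PE32, PE32+


def pe_uses_aslr(data: bytes) -> bool:
    """Return True if the PE image in `data` sets DYNAMIC_BASE (ASLR opt-in)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)    # e_lfanew
    opt_off = pe_off + 4 + 20                           # signature + COFF header
    if len(data) < opt_off + 72 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in OPTIONAL_MAGICS:
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 of the optional header in both
    # the PE32 and PE32+ layouts.
    (dll_chars,) = struct.unpack_from("<H", data, opt_off + 70)
    return bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


def build_sample_pe(dll_characteristics: int) -> bytes:
    """Constructed test input: header-only PE32 image, no sections or code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def audit(paths):
    """Return the paths whose images do not opt in to ASLR; skip non-PE files."""
    flagged = []
    for path in paths:
        with open(path, "rb") as fh:
            header = fh.read(4096)      # PE headers normally fit in the first page
        try:
            if not pe_uses_aslr(header):
                flagged.append(path)
        except ValueError:
            continue                    # not a PE image, or header beyond 4 KiB
    return flagged
```

Files returned by `audit` are candidates for a vendor update or for forced relocation through your exploit-mitigation tooling.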
In addition to this critical issue, Microsoft is delivering three further critical patches for most of their platforms except Windows Server 2012 R2 and Windows RT 8.1 along with some ‘important’ patches to Silverlight, SharePoint and Office.
Get patching, people!
ITC recommends the use of network access tools providing detailed machine inventory to track down unpatched machines – we recommend ForeScout, which does a great job of this and is very light touch. We also recommend vulnerability assessment of your key assets, and for this we recommend the Qualys platform and have done for more than ten years.
ITC integrates these technologies along with log management into our NetSure360° security service powered by HP ArcSight, complete with threat feed and malware detection in order to provide true visibility, control and assurance in this rapidly evolving and highly complex landscape.
If you would like to talk to one of our seasoned security consultants about these or any other information security issues you may have, please contact us on: [email protected] or call 020 7517 3900.