November 14, 2018

Should we stop using Internet Explorer?

Spy GamesThe latest Zero-Day exploit of Internet Explorer, Operation Clandestine Fox, has been in the news and raising questions for many small business owners. In today’s Tech Talk Tuesday we’ll attempt to explain the concerns and actions required and the bigger underlying security patch management need.

Operation Clandestine Fox sounds like the type of thing you would read about in a spy novel because it is. This latest exploit follows a pattern of exploits originating from foreign operatives to gain access to sensitive information that would be beneficial to their government or business interests. In it they plant a compromised flash file onto a website likely to be visited by someone using a computer that has access to information they desire. When they lure the user to the infected page, it uses a vulnerability in Adobe Flash to gain access to a vulnerability in Internet Explorer to download and launch the flash file which then can be used in tandem with other tools to gain access to information available through that computer.

While it may be unlikely that your computer has access to the type of information they are attempting to retrieve, the bigger concern for small business is how other thieves may now use this exploit for other purposes. Microsoft and Adobe are working to release patches to close the vulnerabilities.

So what should you do to protect yourself and your business?

  1. Have a patch management system. While this exploit is in the news, there are hundreds of others that are more relevant to small businesses that have been in the wild and patches are already available. Our Onsite Logic 24/7 service for desktop computers includes remote patch management to keep your computers up-to-date on patches for Windows, Office, Adobe, Oracle, Firefox, Chrome, etc. There are simply too many patches from too many different software companies for most small businesses to do this on their own and ensure it is happening on every company owned computer. That is why we include it in the Onsite Logic 24/7 service plan.
  2. Practice Safe-Computing. Limit your web-surfing to trusted sites. Don’t open links in emails from sources you don’t know. If you run across something suspicious, report it immediately. These common-sense things are the most important steps you can take both at work and at home.
  3. If you have access to classified government information, you should stop using Internet Explorer until a patch is released. If you would like to switch, you can use Firefox, Chrome or Safari. The attack targeted Internet Explorer because it is on every Windows computer. It does not mean vulnerabilities may not exist in other software programs that could be exploited in the future. Regardless of what program you use, the most important step is to ensure it is the most current version with all patches and updates installed.
  4. Accelerate plans to replace Windows XP computers. When Microsoft issues a patch for this vulnerability it will not be available to Win XP computers. The concern here is that other attackers will use these newly publicized vulnerabilities to craft other exploits that could target information you have.

If you have specific questions or would like to discuss patch management for your systems, please call Onsite Logic at 913-851-7483 for a personal consultation.