On Tuesday October 13th, Microsoft released a critical security patch that effects every supported Microsoft operating system (Vista – 10) and every version of Internet Explorer (7 – 11) on the market today.
The patch will address an Internet Explorer vulnerability that would allow a hacker to execute code as the current user that is logged into the workstation. An end user would only need to visit a specially created webpage for the code to be executed on the remote system, better known as a "drive bye." This exploit could be incorporated with a spear phishing attack allowing a hacker to gain access to an entire network.
For example, a fraudulent email could be sent to end users that would trick them into clicking a hyperlink embedded in an email and opening a fake website that hosts the vulnerability. The hacker’s code would then run on the end user’s workstation and allow for remote access among other "nasties". It is strongly recommended that you patch your network or workstation immediately. Windows XP systems will not be patched since the operating system is no longer supported. You will not be required to upgrade to Internet Explorer 11 to get the patch. Microsoft has released patches for Internet Explorer versions 7 through 11 running on Windows Vista to Windows 10. Chrome and Firefox browsers are not affected by the vulnerability but it is still strongly recommended to patch your workstation.
What does this mean for Hilltop Clients?
For Hilltop managed clients, we have applied these patches to your machines overnight. However, if you are not a Hilltop client, it is strongly recommended you patch your network or workstation immediately. Learn more about Hilltop Consultants, and the Network Maintenance and Network Security services we offer, click here
If you have Windows XP systems within your network, they will not be patched since the operating system is no longer supported. Having any Windows XP machine on your network is not recommended, and will leave your network susceptible to these types of threats.
If your business requires that you have certain version of Internet Explorer, do not fear. The patch will not update Internet Explorer to the latest version, it will only patch your current version. Chrome and Firefox browsers are not affected by the vulnerability, but it is still strongly recommended to patch your workstation.
Microsoft Security Bulletin