Microsoft revealed in last week’s Patch Tuesday update that it was fixing up to 60 vulnerabilities, including two dangerous zero-day vulnerabilities. One, which exists in Microsoft Internet Explorer versions 9, 10, and 11, reportedly “could corrupt memory in such a way that an attacker could execute arbitrary code” while disguised as an authorized user.
A zero-day vulnerability is defined as a gap in software that’s unknown to the vendor and exploited by hackers before the vendor becomes aware and rushes to fix it. This specific one works in a targeted way, attracting an Internet Explorer user toward an illicit website made to look like a trusted source. Once there, the cyberattackers can exploit other compromised links or “malvertisements” to take advantage of the lapse in Internet Explorer’s security.
Similar problems with the software that drives key applications like Internet Explorer have led to major ransomware infections in the past, costing businesses and individuals thousands of dollars and compromising the security of their data.
Another zero-day vulnerability fixed by last week’s Patch Tuesday security update is a Windows Shell Remote Code Execution, which exists when Windows “does not properly validate file paths.” Similar to the Internet Explorer bug, this vulnerability could allow successful hackers to run arbitrary code while disguised as an authorized user. Exploiting this vulnerability requires a user to click a malicious file delivered via a phishing email or other spam attack.
The good news is if you have a trusted IT partner on your side keeping a 24/7 watch on the computers, laptops, networks, and servers at your company, the security patch released by Microsoft to address these vulnerabilities is carefully tested before being automatically deployed. CMIT Solutions and its security partners test such updates and patches to make sure they don’t disrupt day-to-day operations or negatively affect your business while providing you with the level of security you deserve.
Robust cybersecurity solutions are a must for your systems. At CMIT Solutions, we specialize in proactive maintenance and monitoring, reliable and remote data backup, and a multi-layered approach to keeping users safe from the most dangerous strains of malware, ransomware, email compromise, and other phishing attempts.
Looking for more information on recent Microsoft vulnerabilities like this one? Concerned that your version of Internet Explorer may have been exploited by cybercriminals? Afraid that malware, spyware, or other viruses have infected your computers? Contact CMIT Solutions today. We worry about IT security so you can concentrate on running your business.