Internet Explorer Out-of-Band Patch Released
GSA Reference Number: AD100331-01
Microsoft has a released a security update that patches 10 reported vulnerabilities in Internet Explorer. The reported vulnerabilities could potentially allow attackers to execute remote code by tricking users into viewing specially-crafted web pages. This security update is rated Critical for all releases of Internet Explorer and it is highly recommended that all users apply the patch immediately. The Microsoft bulletin can be found here, and the update can be applied through Windows Update.
Malware Infection Methods: Drive-by Downloads
Now that the Internet has been around for some time, users are starting to become more adept at protecting themselves from Web-based threats. Users have learned that certain parts of the Web or Web pages, like advertisements, can pose a security threat and, therefore, will avoid clicking on them. Unfortunately, the malware writers have also noticed the trend and continue to come up with new ways of distributing their malicious applications. The most popular method used for the past year is called Drive-by Downloads. The term Drive-by Download means users become infected simply by surfing an exploited Web page and are completely unaware of the malicious file download occurring in the background. Web browser exploits (such as IE, Firefox, Safari, etc.) and other third party application exploits (such as Adobe Reader, Microsoft Excel, etc.) can potentially allow remote code execution, which can lead to a malicious file download which is completely invisible to the user. Fake pop-ups that look legitimate, often cleverly masqueraded as anti-virus solutions, are also a popular method of tricking a user into either clicking on the pop-up to close it or following the instructions on the pop-up, both of which result in malicious file downloads.
March Microsoft Patch Tuesday
Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution. Both patches are rated Important by Microsoft and affect Microsoft Windows and Microsoft Office. Gladiator recommends that users immediately apply the Microsoft Office Excel patch. Detailed information for the patches can be found in Microsoft’s March Security Bulletin.
Previous Articles
Gladiator Research and Security
This site is here to provide security related information and articles to better protect your financial institutions. We'll be posting advisories, blog entries and trends often so be sure to check back weekly.