What You Need to Know About the Most Recent Microsoft Internet Explorer (IE) Zero Day Vulnerability
You may have heard that Microsoft has announced a major security flaw in its flagship web browser, Internet Explorer (IE). The flaw is very serious: it exposes every affected PC, and the corporate data that PC can reach, to a significant risk of malware infection or data theft. It affects Internet Explorer versions 6 through 11 on a wide range of Windows operating systems. Windows Server editions from 2003 through 2012 are affected as well, but on those systems IE runs by default in Enhanced Security Configuration, which mitigates the flaw.

The new remote code execution vulnerability, tracked as CVE-2014-1776, gives an attacker who successfully exploits it the same user rights on the machine as the currently logged-on user. This means that an attacker who compromises a PC whose user is logged on as Administrator has a wide range of follow-on actions available, including, but not limited to, installing malware, creating new user accounts, and changing or deleting data on the target PC and on any network resources that account can reach.

As of this writing, Microsoft has NOT released a patch for this vulnerability, and there is some indication that the patch may not be released for up to another two weeks. More importantly, environments still running Windows XP will not receive a fix for those machines, because Microsoft ended support for XP on April 8th. Any organization still using XP machines should therefore seriously consider upgrading or replacing them so that all of its machines receive the patch when it is released.

While many agencies are recommending that users and organizations avoid Internet Explorer altogether, there are situations (for example, third-party applications that only work in IE) where this cannot be avoided. In those situations it is very important that organizations communicate with their end users to ensure very careful and vigilant use of IE. Here are some suggested best practices:
  • Never click a link within an email, or open an email attachment, from an unknown or untrusted party.
  • Never browse to unknown, non-business-related sites on company PCs.
  • Enable automatic updates for Windows and for anti-virus software.
  • Deploy a zero-day threat protection layer that provides some proactive protection against unknown and future exploits. An example is IPS (Intrusion Prevention), which is available as a service on some firewalls (a Fortinet FortiGate can have IPS enabled). Do not assume that because you have a firewall and anti-virus you are protected. The firewall only decides which connections are permitted, so if the attack arrives over traffic the firewall rules allow (for example, an employee's ordinary web browsing), the firewall will not stop it. Anti-virus will only stop it if the payload matches a known virus/malware signature, and a zero-day exploit is, by definition, not yet known to it. IPS, by contrast, inspects the content of traffic the firewall has already permitted and compares it against attack signatures and protocol-anomaly rules, so it can detect and block a known exploit pattern (such as the signature FortiGuard released for this flaw) even though the connection itself was allowed, and it alerts on the activity. Two caveats: IPS can only inspect traffic that actually passes through it, so a laptop exploited while off the corporate network is not covered, and it cannot look inside encrypted (HTTPS) sessions unless SSL inspection is also enabled.
  • The easiest way to avoid this vulnerability is to use a different web browser, such as Mozilla's Firefox, Google's Chrome, or Apple's Safari.
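For administrators who must keep IE in use until the patch ships, the following PowerShell script is an added example (it is not from CCC Technologies, Fortinet or Microsoft). It applies the interim workaround Microsoft published for this flaw in Security Advisory 2963983, unregistering VGX.DLL, the component the Fortinet write-up names, and verifies the result. It assumes an elevated prompt on a Windows client; the registry scan for COM classes whose in-process server is vgx.dll is this example's own check, not a Microsoft-documented one, and the function names are the example's own.

```powershell
# Added example: apply and verify Microsoft's interim VGX.DLL workaround for CVE-2014-1776.
# Assumes an elevated PowerShell prompt. Run with -Undo after the Microsoft patch is installed.

function Get-IEVersion {
    # IE 10 and later record the real version in svcVersion; older builds only set Version.
    $ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
    if ($ie.svcVersion) { return $ie.svcVersion }
    return $ie.Version
}

function Test-RunningAsAdmin {
    # A standard (non-administrator) account limits what a successful exploit can do.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-VgxComRegistrations {
    # Example's own check: list every COM class whose InprocServer32 points at vgx.dll.
    # The list is empty once the DLL has been unregistered.
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $srv = Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv -and $srv.'(default)' -match 'vgx\.dll') { $_.PSChildName }
        }
}

function Get-VgxPaths {
    # 64-bit Windows carries both a 64-bit and a 32-bit copy; both must be unregistered.
    $roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) | Where-Object { $_ }
    $roots | ForEach-Object { Join-Path $_ 'Microsoft Shared\VGX\vgx.dll' } |
        Where-Object { Test-Path $_ } | Select-Object -Unique
}

function Invoke-VgxWorkaround {
    param([switch]$Undo)   # -Undo re-registers the DLL (use only after patching)
    if (-not (Test-RunningAsAdmin)) { throw 'Run this from an elevated (Administrator) prompt.' }
    $flags = if ($Undo) { '/s' } else { '/u /s' }
    foreach ($dll in Get-VgxPaths) {
        $p = Start-Process -FilePath 'regsvr32.exe' -ArgumentList "$flags `"$dll`"" -Wait -PassThru
        if ($p.ExitCode -ne 0) { Write-Warning "regsvr32 returned exit code $($p.ExitCode) for $dll" }
    }
    $remaining = @(Get-VgxComRegistrations)
    # Success means: no registrations left (workaround applied) or some present again (undone).
    if ($Undo) { return $remaining.Count -gt 0 }
    return $remaining.Count -eq 0
}

# Report the machine's state, apply the workaround, and confirm nothing still points at vgx.dll.
"Internet Explorer version : $(Get-IEVersion)"
"Session is Administrator  : $(Test-RunningAsAdmin)"
"VGX.DLL registrations     : $(@(Get-VgxComRegistrations).Count) before"
if (Invoke-VgxWorkaround) {
    'VGX.DLL unregistered; IE can no longer render VML through it.'
} else {
    Write-Warning 'vgx.dll is still registered; review the regsvr32 warnings above.'
}
```

Once Microsoft's fix is installed, run `Invoke-VgxWorkaround -Undo` to restore VML rendering. Pages that legitimately rely on VML will not display correctly while the workaround is in place, which is the trade-off Microsoft's advisory describes.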
More Information For Our Customers With IPS Enabled Fortinet FortiGates
Full Fortinet Blog Post Here

CCC Technologies customers with IPS-enabled FortiGates installed in their environments are protected against this vulnerability. Please note that if you are using Web Content Filtering alone, you are not protected from this threat. If you are unsure whether your FortiGate has IPS enabled, or you are interested in turning on IPS, please contact service at 866.278.8648 or email service@ccc1.com.

HOW YOUR IPS ENABLED FORTIGATE IS PROTECTING YOU
FortiGuard Labs released an IPS signature (MS.IE.StyleLayout.Handling.Memory.Corruption) via Hot Update 4.487 on April 28th to detect this attack. As with the earlier IPS signature for Heartbleed, Fortinet recommends updating your IPS signatures and enabling a policy to detect and block this attack**. If you are unfamiliar with this, Fortinet created a brief how-to video for Heartbleed that you can use to deploy both that signature and this new one. You can view this video here: Protecting Against Heartbleed

This signature update protects the network assets behind your FortiGate from this attack regardless of their operating system or patch level, as long as their web traffic actually passes through the IPS-enabled FortiGate and is inspected there.

**ConvergeSecure® Managed Security Services customers do not need to take action. New signatures are applied to your appliances daily.
Helpful Links for More Information
What's Going On?
(Excerpt from Fortinet blog)
Over the weekend of April 26th, information became available about a previously unknown vulnerability in all modern versions of Microsoft's Internet Explorer (IE) browser that allows an attacker to remotely execute code without the victim's permission. This can lead to compromise of your system and to various malware being installed. The exploit leverages a technique often used by attackers via Adobe Flash to bypass certain features of IE that are designed to prevent remote code execution (RCE).
How Does the Exploit Work?
(Excerpt from Fortinet blog)
There is a previously unknown use-after-free vulnerability in Microsoft's Internet Explorer (the specific component is VGX.DLL) which allows an attacker to remotely execute code.

Typically, as with many other malware campaigns and targeted attacks, the initial assault is carried out via a specially created email designed to get you to click a link inside the email and visit a site under the attacker's control.

Once you have visited the site, a Flash file (SWF) is loaded that is designed to take advantage of users who have Adobe's Flash Player installed. It uses a technique that manipulates how memory is allocated in order to increase exploit reliability, commonly known as heap feng shui or heap spraying. The technique allows the attacker to gain control of IE's memory layout and bypass modern exploit mitigation features like Address Space Layout Randomization (ASLR) that typically protect against RCE.

It's important to note that while the reports on this exploit indicate that Flash is being leveraged to facilitate reliable exploitations, there may be other techniques used to bypass ASLR. The Flash exploitation technique is only being used in this case to provide a reliable method of heap spraying.

It is also critical to mention that this exploit does not allow for privilege elevation: this means if you are using a non-administrator account (something always recommended), you will limit the options available to an attacker such as installing persistent malware. 