I recently received an email from a client asking if it was safe to use Internet Explorer (IE) again. If you recall, a fairly significant vulnerability was recently discovered in Internet Explorer, opening up millions of computers worldwide to the possibility of hacking and the installation of malware. Our client’s question is a good question, and I thought it might be a good idea to answer it here on the LT blog.
The discovery of the IE flaw was announced on April 26. This vulnerability is known as a “zero-day” threat, meaning there was zero time between the discovery of the vulnerability and the first attack by someone exploiting it. The flaw relied on a well-known Flash exploitation technique to bypass Windows security protection. To trigger this exploit, users would simply have to click on a link or open an email attachment, which would allow hackers to gain access to their computer, at which point malicious software could be installed without the knowledge of the user.
Considering that more than half of the world’s computer users – individuals, businesses, and government entities – rely on Internet Explorer to access the Internet, this vulnerability was significant. In fact, the US Department of Homeland Security took an unusual step by issuing a warning advising anyone using IE to stop using it and find an alternative web browser. Until a patch to resolve this issue was released, users of IE were at risk.
IT security has always been a work in progress, and updates are common. Microsoft releases security updates on the second Tuesday of each month, which is known as Patch Tuesday among IT professionals. Critical updates, such as the one that repaired the IE vulnerability, are released by Microsoft independent of this schedule. On May 1, Microsoft issued a patch to repair the IE vulnerability.
Has your computer been updated with the patch? To be sure, confirm that Windows Update has run and installed it. Most computers have automatic updates turned on, but check with your IT vendor if you’re not certain. Your IT vendor should be able to give you a clear assessment of the specifics for all of the computers they help manage. If Windows has updated and installed the patch, you’re in good shape.
How to Check Windows Update for the Patch
If you use Windows 7:
If you have Windows 7, you can search for Windows Update by clicking on Start and typing “Windows Update” in the Search window just above the start button. Open Windows Update. On the left you’ll see an entry for “View Update History”. Click this – the patch would be recent (so at the top) and has the number KB2964358. The description varies based on the version of Internet Explorer you’re running.
If you use Windows 8:
Open Windows Update by swiping in from the right edge of the screen (or, if you’re using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery. Then tap or click View your update history.
If you use Windows XP:
Even though Microsoft ended support of the XP operating system on April 8, the IE vulnerability was so significant that the patch included XP. Checking Windows Update for systems running XP is similar to the process for Windows 7: click Start, search for Windows Update, and click View Update History.
By the way, if you’re still using XP, you will want to upgrade your operating system. Because Microsoft ended support of XP on April 8, applying this patch still won’t protect you from other security issues.
If Windows Update has applied the patch to your computer, you are safe to resume using IE for your browser. If your computer hasn’t updated, contact your IT vendor to determine your next steps. If your system is maintained by an administrator, that person should be able to answer your questions about the patch and whether it has been applied to your system. Most importantly, if IE hasn’t been updated with this new patch, you’ll need to refrain from using it as your browser until the patch is installed.
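For administrators who would rather script the check than click through Windows Update, the following PowerShell is an added example and not part of the original post. It looks for KB2964358 in the installed-hotfix list and, failing that, in the Windows Update history; the function names are illustrative, and it assumes PowerShell is available on the machine being checked.

```powershell
# Added example: checks the local machine for the patch named in the article.
$KbId = 'KB2964358'

function Test-HotFixInstalled {
    param([string]$Id)
    # Get-HotFix lists installed hotfixes; an absent ID only writes an error,
    # which is suppressed here so the function returns $false instead.
    $fix = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    return [bool]$fix
}

function Get-LatestUpdateHistoryEntry {
    param([string]$Id)
    # Windows Update Agent COM API: the same data as "View update history".
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $count    = $searcher.GetTotalHistoryCount()
    if ($count -eq 0) { return $null }
    # Match on the KB number because the title varies with the IE version.
    $searcher.QueryHistory(0, $count) |
        Where-Object { $_.Title -match [regex]::Escape($Id) } |
        Sort-Object Date -Descending |
        Select-Object -First 1
}

function Get-PatchStatus {
    param([string]$Id)
    if (Test-HotFixInstalled -Id $Id) { return 'Installed' }
    $entry = Get-LatestUpdateHistoryEntry -Id $Id
    if (-not $entry) { return 'NotFound' }
    # Operation 1 = installation, ResultCode 2 = succeeded.
    if ($entry.Operation -eq 1 -and $entry.ResultCode -eq 2) { return 'Installed' }
    return 'InstallNotConfirmed'
}

switch (Get-PatchStatus -Id $KbId) {
    'Installed'           { "$KbId is installed on $env:COMPUTERNAME." }
    'InstallNotConfirmed' { "$KbId appears in the update history but the latest entry is not a successful install. Run Windows Update again." }
    'NotFound'            { "$KbId was not found. Run Windows Update before using Internet Explorer." }
}
```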