If you are a Windows user, your security has been put at high risk this past week.
Forbes released an online article confirming the NSA curveball crypto vulnerability earlier this week, and followed up by confirming an even larger security concern of a zero-day vulnerability being actively exploited. There has not yet been a fix or solution for this critical zero-day vulnerability.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released the warning of this zero-day vulnerability on January 17th, while also confirming that Microsoft is aware of this vulnerability.
This vulnerability is being found in Internet Explorer’s scripting engine and is infecting Internet Explorer on every version of Windows. The vulnerability has the capability to corrupt the user’s memory and if the vulnerability is successfully exploited, it gives the attacker the capabilities and rights of the current logged in user.
This is especially risky if the user that gets attacked has administrative rights because it poses the risk of new accounts being created, access to confidential data, abilities to alter any data, and installations onto the system that could be dangerous.
The most common way of this attack being reported is through a maliciously created website with a Jscript being implemented as the scripting engine. If the website is accessed through Internet Explorer, it exploits the vulnerability.
So what can you do to protect yourself?
Since there is currently no fix for this vulnerability, your strongest protection is using a different browser, such as Chrome or Safari. Additionally, Microsoft has advises users to restrict access to Jscript.dll, with the warning that is could lead to reduced functionality.
At The IT Company we often preach the importance of only giving administrative rights to users that absolutely need them. And this is an example of why that security practice is essential. The number one reason you shouldn’t give administrative rights to a machine, is to increase the security and protect yourself from possible risks of access to administrative capabilities such as this zero-day vulnerability Window’s users are facing.
If you are a Windows user and have concerns regarding the best way to protect yourself, contact us at The IT Company. We want to prevent you from having a bad day, by helping you take the needed steps to protect yourself from this vulnerability.