On April 26th Microsoft released Security Advisory 2963983 in response to a vulnerability in Internet Explorer that has the potential to allow remote code execution. This is a zero day exploit meaning that the vulnerability was only just discovered at the time of the attack, and there are no available patches or software updates for it as yet.  The vulnerability affects all versions of Internet Explorer, leaving approximately 1 in 4 computers exposed to the attack. The US and UK governments have issued warnings to stop using Internet Explorer until the vulnerability is fixed.

To protect your organization from this exploit, Dell Endpoint Systems Management (ESM) strongly recommends that organizations move all their systems off Windows XP as soon as possible so they are not left unprotected when Microsoft releases a patch to remedy this vulnerability. Microsoft stopped supporting Windows XP last month and will not be issuing security updates to systems running on XP. Organizations with systems running on Windows XP must stop using Internet Explorer and use another browser, such as Firefox or Chrome since this vulnerability is only on Internet Explorer.

For systems that must use Internet Explorer for compatibility with applications or other reasons, Dell ESM recommends changing Internet Security settings on all XP systems to High, adding secure web sites to the list of safe sites and removing Adobe Flash from all XP systems since the exploit relies on Adobe Flash. Organizations need to enforce these settings so that users cannot change them.

Dell ESM Solutions can help you quickly and efficiently accomplish all of the above recommendations. Here’s more information on how Dell ESM can help organizations:

  • Windows Migration: For hardware upgrades or refreshes, the Dell KACE K1000 management appliance can quickly determine whether your systems are compatible with Windows 7 or 8. The KACE K2000 deployment appliance can easily and quickly migrate your systems from Windows XP to Windows 7 or 8 XP.
  • Change IE Security Settings: The K1000’s built in scripts can help you quickly and automatically change the IE security settings on all of your systems to High. Scripts can also quickly identify and designate both safe and unsafe web sites for all of your systems. The K1000 can be used to automatically remove unsafe software, such as Adobe flash for this particular vulnerability.
  • Enforce Security Settings: The K1000 can be configured to periodically scan and report on security configurations while Dell Desktop Authority Management Suite can set granular user environment settings and privileges on Windows systems, including restricting user rights on an application by application basis.  This allows you to restrict user administrative rights for Internet Explorer so that users cannot change the High security settings while retaining administrative rights on software that is specifically deemed safe for their use.

For additional information, please contact us. Safe surfing!