New XSS bug is threatening all Internet Explorer users: A Newmind PSA

If you typically run Microsoft Internet Explorer (on Windows 7 and Windows 8.1), Newmind strongly urges you to stop and find an alternative browser—at least for the time being! If you must use IE for certain banking or business-related sites, then consider using a second browser for everything else.

A new weakness has been discovered in Internet Explorer (even versions that are fully patched and up to date), allowing attackers to extract login information and direct users towards harmful content during their browsing session. Microsoft is currently working on a fix for this issue, and we’ll be updating this post as soon as that fix is live, so be sure to check back!
If you’d prefer to be notified immediately, join our email notification list.

Universal Cross-Site Scripting (XSS) bug

The bug lets attackers bypass the same-origin policy, the browser safeguard that would usually prevent one site from accessing or altering browser cookies (or other content) set by another site. Long story short, it lets an attacker steal data from the cookies that websites leave in your IE browser.

This would enable attackers to easily capture authentication cookies (left after you’ve entered your username and password on a site), and use them to access user data that’s normally protected by a login—data like browsing history, banking info, and more. A more detailed description can be found on Ars Technica.

This statement was given by a representative of Microsoft:

“We are not aware of this vulnerability being actively exploited and are working on a security update. To exploit this, an adversary would first need to lure the user to a malicious website, often through phishing. SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against phishing websites.

We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites, and to log out when leaving sites to help protect their information.”

I’m an Internet Explorer user… Now what?

While we encourage you to take the measures outlined by Microsoft above, we put together some tips for moving forward while things get sorted out!

  • Clear your Internet Explorer cookies as soon as possible!
  • Set Internet Explorer’s security settings as high as possible (this could cause issues with some banking sites, so make sure to test your settings).
  • Don’t do “casual” browsing in Internet Explorer. Install a browser like Chrome or Firefox, and do your casual browsing there, preferably in incognito mode.

We also strongly urge Windows XP users to consider moving to a new operating system, as it is no longer supported by Microsoft, and will leave you even more vulnerable.

Check back for updates!

Newmind will keep our ear to the ground and update this post as soon as a fix becomes available for the public.

About

Steve Chang is a senior member of Newmind’s Managed Services team. Leading large network overhauls to one-on-one training with end users, Steve has been in the IT industry for over 18 years. In his free time, he likes to spend time with his family and friends, dabble in the culinary arts as well as videography, and protect his local community from evildoers.