The Internet Explorer vulnerability (CVE-2019-1367) is a critical zero-day bug.
I mean now, right now, uninstall it – every version of Internet Explorer needs to be removed. On Monday, September 23, Microsoft made an announcement and immediately deployed out-of-band updates for Internet Explorer. This update prevents a script from executing without any interaction by the user. A simple visit to a website can compromise your computer.
Full information and guidance can be found here: CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability.
Make the Switch from Internet Explorer to Microsoft Edge
Microsoft recommends an immediate upgrade to Microsoft Edge on all supported operating systems. This includes Windows 7, 8 and Windows 10.
Earlier this year in February, Microsoft advised users to stop utilizing Internet Explorer and to migrate to their Edge platform. In April of this year, hackers were able to identify and advise Microsoft through their bug bounty program that just having it installed in your workstation is considered a security risk, even if you never use it. That advisor is found here: Internet Explorer zero-day lets hackers steal files from Windows PCs.
Why Internet Explorer is Vulnerable
Internet Explorer 11, which is standard in all operating systems after Windows 7 with the latest patches, has not been updated since July 2015. It presents a clear and present danger to those that are still using it. Because this product is no longer being developed or updated, it provides a major security issue for those who are still utilizing it.
Looking Forward: Edge Chromium
As announced earlier this year, Microsoft has joined the Chromium organization to revamp Edge. Chromium is the “grandfather” to Google Chrome, and its codebase is very well supported in the community. Options and features are all shared through all members. That means that Google and Microsoft are working together to make it a secure browser that runs on multiple platforms. At Triton, we have deployed Microsoft Edge Chromium Beta, and so far we are thoroughly enjoying it.
Notice to Current Clients
As advised in the past, we are recommending all of our clients immediately stop using Internet Explorer for many security reasons. If your software vendor requires it, make a concerted effort to have them migrate to a different platform. We do have available isolated workspaces, but we extremely recommend not utilizing them in your day-to-day operations.
Microsoft has given Triton a script to remove Internet Explorer and to replace it with Microsoft Edge. We are currently awaiting approval to have that script deployed throughout our clients’ enterprises.
If you’re looking for a managed service provider who provides this proactive troubleshooting and support, contact Triton Technologies today.