IT support professionals are dealing this week with a serious threat to corporate networks. The concern surrounds a potential zero-day attack impacting Internet Explorer users, regardless of the version of the browser being used. American companies with direct links to defense and financial industries are especially vulnerable to this attack, security researchers say, leading Microsoft to issue a security advisory.

How It Works

The attack utilizes a link to lure users to click through to a separate site. At that point, attackers are able to gain control of a user’s computer, Microsoft cautions, especially if those users don’t have a firewall or up-to-date malware protection installed. The company may release a special security update to address the problem in the immediate future.

For businesses that still have Windows XP machines lingering around, this security scare is the first major threat since support ended for the operating system in early April. There will be no security patch for Windows XP users and the vulnerability impacts Internet Explorer browser versions 6 through 11. So even outdated machines subject to little use may fall victim.

Other Operating Systems

For an added layer of security, some organizations may choose to urge users to switch to a different browser. Google Chrome and Mozilla Firefox are popular alternatives, often avoiding vulnerabilities specific to Internet Explorer. For XP users, Chrome may be an especially appealing option, since Google has stated its browser will support Windows XP until 2015.

Because networks have become sophisticated in securing against malicious software, attackers have shifted their efforts to the desktop level. Core vulnerabilities in products like Internet Explorer, Java, and Flash allow entry into business systems, especially if the process of applying patches isn’t automated. It’s important that security administrators be aware of these vulnerabilities and take measures to ensure each system is updated at all times.