Microsoft released its monthly set of patches and updates this Tuesday and of particular note is the fact that over half of the ‘critical’ fixes (those related to security) are not being released for Internet Explorer 7, 8, 9 or 10.
So what this means is that if you’re an Internet Explorer user this is a really good time to upgrade your browser if you’re still using one of those older versions. How do you check? Open up a browser window and pull down the ‘Help’ menu and choose ‘About Internet Explorer’.
If you find you need to upgrade Internet Explorer visit Microsoft’s Download Center for the free update.
Trend Micro yesterday announced that they’ve found a vulnerability in Adobe’s Flash Player that permits systems with Internet Explorer or Firefox to become infected with Malware from Flash-based advertisements. This is a so-called Malvertisement.
These are particular insidious because a system can become infected simply by visiting a page – the user doesn’t need to click on anything.
The site where most of these infected ads are running is the popular dailymotion.com
Adobe is aware of the issue and is working on a fix that they’ve promised to release this week, but as of this morning it isn’t yet available (current build of Flash is 22.214.171.1246).
What can you do? If your organization can block access to the payload URL, that’s a good action to take. Detailed info on that URL is available in the Trend blog. If your users are running Trend antivirus products with Browser Exploit Protection they are already protected. If you’re not sure have your users disable autoplay of plugins (see our newsletter that explains how to do this here). If you want to be 100% safe, uninstall Flash from systems until a fix is released.