4 ways to be proactive and mitigate risk
In a recent article, IBM’s X-Force research team discussed a vulnerability they identified in Internet Explorer, dating back to IE3 in 1997. With Microsoft patching the vulnerability as of November 11, 2014, the X-Force team opened up and revealed the details of the exploit, and what it could be used for.
The exploit involved Microsoft’s Object Linking and Embedding (OLE) technology, allows applications to share data and functionality. For example, OLE allows you to embed an Excel chart inside of a Word document. Using a webpage accessed through Internet Explorer 3 or above, an attacker could run code on a users computer remotely as that user (including admins). If successful, the attacker would gain full rights on the system that the user was currently active on. Additionally, an attacker could gain similar access using macros embedded in Microsoft Office documents.
While eliminating risk entirely is not an option, defensive tactics can help mitigate the potential of vulnerabilities such as this.
1. Update all systems and software.
All systems should be updated with Microsoft’s patch as soon as possible. Either use Windows update or download the patch manually from Microsoft’s web site.
2. Upgrade older systems and software.
One of the most common issues we see in many environments is the use of older software and older systems. Older software is often no longer supported by its developers, and therefore open to exploitation by attackers. The problem is that older computers often have trouble running newer software, so they may need to be replaced as well.
3. Only open websites and documents from trusted sources.
Any time you are tempted to click on a link or open a document, pause for a moment and consider a few details. Make certain the link/document is coming from a person or company you trust and does not look suspicious. Even if the item does come from a trusted source, check and make sure it is something that source would actually send to you. If a co-worker is spontaneously sending you items they might not otherwise send, there is a good chance that their email account is being spoofed as part of an attack.
4. Keep macros disabled in all Office products.
Macros are often used in MS Office documents to get a user to agree to run some piece of code, often without the user knowing what that code is. Macros are disabled by default in all Office products from 2003 onward, but enabling macros is a quick one-click process that many users may do without even thinking. Make sure that if you are enabling macros, the document is from a trusted source and the macros are necessary for your use of it. When in doubt, leave them disabled.
Future Risk Reduction
Vigilance is the key to reducing risk on individual systems. Keeping aware and up-to-date on software patches while also maintaining a healthy level of suspicion for links and attachments can increase personal security greatly. For organizations, it’s important to monitor and implement tactical security initiatives to better defend and protect your information. As the security community continues to identify and remediate new vulnerabilities, a proactive approach in all aspects of security helps mitigate risks.