April 29, 2014

Microsoft security flaw affecting IE users

April 30, 2014 – Online banking users using the Internet Explorer browser could be at risk from a security flaw announced by Microsoft, according to reports.

American Banker reported that Microsoft made the announcement on Saturday and that the security flaw exists in Internet Explorer versions 6 through 11, which the article said affects about one in four online users. It says Microsoft acknowledged "limited attacks" due to the security flaw and described the flaw as a "remote code execution vulnerability."

The Financial Services Information Sharing and Analysis Center, quoted in the article, said the flaw is not an easy one for a cybercriminal to exploit. FS-ISAC gathers information about cyber and physical security risks faced by the financial services industry. It works with the Financial Services Sector Coordinating Council, of which NAFCU is a member.

Experts in the Banker article noted that the easiest target for hackers in this case will likely be those who are continuing to use Windows XP since Microsoft ended its support of the operating system on April 8. (The NAFCU Compliance Blog previously reported on the XP issue.)

The United States Computer Emergency Readiness Team, or US-CERT, also released an alert regarding the IE flaw. "US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds," the alert stated.