SecureData Security, part of JSE-listed SecureData Holdings and the sub-Saharan distributor for Shavlik Technologies, the market leader in simplifying and automating critical-to-perform and manage IT operations, recently commented on the latest Microsoft out-of-band patch that repairs a zero-day flaw in Internet Explorer.
“Microsoft recently released a new out-of-band patch designed to address the serious undiscovered flaw in Internet Explorer that was used to launch a zero-day attack against Google users in China,” commented Jason Miller, data and security team leader, Shavlik Technologies. “The exploit allowed hackers to trick users into installing malware on targeted machines which could then be used to steal data.”
“The attack looks like a message that's sent from a trusted source via email or social media, so when the user clicks on a link or file, it triggers the hack. The exploit opens a back door which then compromises the machine of the target. This attack was designed to exploit PCs, netbooks and laptops using Internet Explorer version 6 running on Windows XP. By issuing this out-of-band patch now, Microsoft has cut the time hackers could use to exploit the vulnerability in advance of the February 9 Patch Tuesday bulletin releases.”
Shavlik reports that users of Shavlik NetChk Protect and its Shavlik NetChk Agent are protected against this flaw. The Shavlik NetChk Agent, which integrates Sunbelt Software’s award-winning VIPRE antivirus + antispyware engine, detects the exploit code and blocks it from executing. IT administrators can use the Shavlik NetChk console to quickly and easily determine that VIPRE threat signature files and engines are up-to-date. Once the out-of-band patch is released, the Shavlik NetChk Agent will deploy the patch. The Shavlik NetChk Agent reduces agent bloat by using a single agent to provide patch management and antivirus + antispyware.
Shavlik NetChk Protect is consistently ranked the best solution available for simplifying and automating critical IT operations for Microsoft Windows environments. Shavlik reports that corporate computing users running Windows Vista or Windows 7 would be challenged to exploit the flaw effectively due to advanced security protections already built into these newer versions of the Windows OS.
“However, just because it's more difficult to exploit this flaw doesn’t mean that Windows Vista and Windows 7 users also shouldn't apply this patch immediately,” added Miller.