by Neil MacDonald | March 10, 2010 | Comments Off on Another Zero-Day Attack on Internet Explorer: Time to Switch Browsers?
After yesterday’s patch Tuesday release, Microsoft also released this security bulletin affecting IE6 and IE7 (but not IE8). Similar zero day attacks on IE6 made headlines earlier this year when Google and other organizations were attacked and intellectual property stolen. With this latest zero-day, Microsoft reports that targeted attacks have been observed in the wild. From Microsoft’s bulletin:
At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Does this mean it is time to switch off of Internet Explorer? Certainly, get off of IE6 ASAP – we’ve been advising Gartner clients to do this since 2006 and I provided this advice and more here and here after the IE/Google/China attacks. You don’t have to wait on a Windows 7 upgrade to do this, but application compatibility might be holding you back.
But what about getting rid of IE entirely? I don’t believe that’s the best strategy. While it might provide some short term relief from this specific incident, all browsers contain yet-to-be-discovered vulnerabilities and all will have zero day attacks that appear against them, especially as these browsers gain market share and become more attractive targets for hackers.
For Gartner clients, we’ve just published this research note outlining a strategy that will work: Don’t standardize on a single browser. In fact, for many organizations, standardizing on two browsers provides the right balance of user choice and the ability to switch quickly to the secondary browser in the event of a zero-day attack on either. There are other benefits as well discussed in detail in the research note.
Evaluating the Security Risks to Blockchain Ecosystems
Blockchain is early in its development, and long-term investments can be risky. Security and risk management leaders must temper the hype with effective risk-mitigation techniques.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.