Internet Explorer Vulnerability 2014 – What A CXO Needs To Do


Delphiis | Internet Explorer Vulnerability 2014 Checklist for CXO » Delphiis Inc.


Vulnerabilities like the most recent Internet Explorer Vulnerability 2014 happen more frequently than we would like to think. Zero day vulnerabilities, as they are known, have affected some of the top software companies in the world, in turn impacting many leading healthcare organizations.

Being prepared with a plan to address these vulnerabilities is necessary to act quickly and reduce the risk of being compromised. Use this checklist to ensure your healthcare organization is taking control of the situation.

CXO Checklist

1. Consult with the key members of your IT security team to understand the threat, implemented safeguards and overall exposure.

2. Identify who needs to be involved outside of IT security and build a team. Common participants often include:

  • Desktop Team: They manage configurations and understand the safeguards, such as anti-virus, that exist on the systems and within Internet Explorer.
  • Windows Server Team: They often are charged with managing the Windows patch management process.
  • Network Team: They often play a role in some of the safeguards, such as firewalls or Intrusion detection.

3. Conduct a quick assessment of your environment by asking your remediation team the following questions:

  • Do we use Windows Operating Systems?
  • Do we use Internet Explorer versions 6-11?

If you answered yes, continue with steps 4-7. If you answered no, continue to step 8.

4. Perform an evaluation of the IT environment.

  • How many systems are vulnerable?
  • What is our mitigation plan? Common options for reducing the risk of this issue include:
    • Send out an awareness message to users alerting them to this issue and what they can do to help.
    • Look to block potential malicious web-sites through URL filtering or Intrusion Prevention technology.
    • Establish feasibility for letting users install a browser other than IE. This should include a review of your security policies to ensure this is an option in your organization.
    • Make configuration changes on vulnerable workstations. At this time, there is not a patch available. Your team should evaluate and build a plan to deploy the Enhanced Mitigation Experience Toolkit 4.1 and follow the steps in Microsoft’s suggested workaround list.
  • How long will the mitigation plan take to complete?

5. Decide how to implement the toolkit and workaround steps.

  • What resources are needed?

6. Monitor Microsoft’s website for a patch to install on your network.

7. Inform users of your policy regarding this particular Zero Day Vulnerability.

8. Reduce the likelihood of a successful exploitation of this and future vulnerabilities.

IMPORTANT

To prevent future vulnerabilities, organizations must create a fully comprehensive security program that includes performing a gap analysis to determine an organization’s vulnerabilities.  This is best practice to ensure your organization has a multi-layered approach for preventing potential attacks.

To determine where an organization is vulnerable, it is imperative to conduct regular risk assessments. At Delphiis, the risk assessment suite gives organizations the ability to automate a majority of the assessment process making it easier and more intuitive for everyone involved. Bottom line, creating efficiency within a department!

In the example below, Delphiis’ application suite easily and quickly shows the domain areas that are most vulnerable and the gaps within a security program.

Data Report: Question Composition by Realm 

This report shows by realm (domain) the number of questions asked in the assessment. This visual report helps determine if an organization is focusing too much or too little in a certain area.


Data Report: Risk by Realm (domain)

This report shows the number of findings by risk level in each domain. This visual report helps determine which findings to focus on first.


After the assessment is completed, a remediation roadmap can be created with a click of a button. The remediation roadmap outlines the scope, schedule and budget from the findings of the assessment allowing business decisions to be made.


BACKGROUND OF ZERO DAY VULNERABILITY 

What is a Zero Day Vulnerability?

A zero day vulnerability is a previously unknown flaw in a computer application, discovered on day zero. In this case, the Internet Explorer (IE) Zero Day Vulnerability, CVE-2014-1776, was discovered April 26, 2014.

What is CVE-2014-1776?

CVE-2014-1776 is an IE vulnerability found to allow potential limited, targeted attacks against IE versions 6 through 11 on a variety of Windows operating systems. Internet Explorer 6 Beta 1 was released March 22, 2001. This means that for 13 years, this vulnerability could have been exploited.

According to the Microsoft advisory, “The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

This vulnerability can be an avenue for multiple attack purposes.